[Secure-testing-team] Bug#658692: [php5-common]

Jürg Hofmann juerg.hofmann at postbox.ch
Sun Feb 5 10:10:26 UTC 2012 

Package: php5-common
Version: 5.3.3-7+squeeze3
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

--- Please enter the report below this line. ---
  When i try to update php5-common and related packages, from Version: 
5.3.3-7+squeeze3 to 5.3.3-7+squeeze7, i get the following info: WARNING: 
terminal is not fully functional/tmp/tmpcnqGaJ  (press RETURN).
After pressing return, the following is displayed:

php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high  * The following 
new directives were added as part of security fixes:    - max_input_vars 
- specifies how many GET/POST/COOKIE input variables      may be 
accepted.  Default value is set to 1000.    - xsl.security_prefs - 
define forbidden operations within XSLT      stylesheets.  Write 
operations are now disabled by default.

  -- Ond?ej Sur? <ondrej at debian.org>  Mon, 23 Jan 2012 12:22:26 +0100

php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low  * Updated 
blowfish crypt() algorithm fixes the 8-bit character handling    
vulnerability (CVE-2011-2483) and adds more self-tests.  
Unfortunately    this change is incompatible with some old (wrong) 
generated hashes for    passwords containing 8-bit characters.  
Therefore the new salt prefix    '$2x$' was introduced which can be used 
as a replacement for '$2a$'    salt prefix in the password database in 
case the incompatibility is    found.

  -- Ond?ej Sur? <ondrej at debian.org>  Mon, 04 Jul 2011 10:31:16 
+0200/tmp/tmp2PNfKm (END)

The terminal hangs and nothing is udated.
Same with apt and synaptic.

--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.32-5-amd64

Debian Release: 6.0.4
500 stable-updates mirror.switch.ch
500 stable security.debian.org
500 stable mirror.switch.ch

--- Package information. ---
Depends (Version) | Installed
========================-+-=============
sed (>= 4.1.1-1) | 4.2.1-7
libc6 (>= 2.4) | 2.11.3-2


Recommends (Version) | Installed
===========================-+-===========
php5-suhosin | 0.9.32.1-1


Package's Suggests field is empty.

More information about the Secure-testing-team mailing list