CVE-2006-5465: PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows

Related Vulnerabilities: CVE-2006-5465  

Debian Bug report logs - #396764


Package: php4; Maintainer for php4 is (unknown);

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Thu, 2 Nov 2006 20:03:14 UTC

Severity: critical

Tags: patch, security

Fixed in version php4/4:4.4.4-4

Done: sean finney <seanius@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#396764; Package php4.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: submit@bugs.debian.org
Subject: CVE-2006-5465: PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows
Date: Thu, 2 Nov 2006 20:46:03 +0100
package: php4
severity: critical
tags: security

From http://secunia.com/advisories/22653/ :
"Some vulnerabilities have been reported in PHP, which can be 
exploited by malicious people to cause a DoS (Denial of Service) or 
potentially compromise a vulnerable system.
 
The vulnerabilities are caused due to boundary errors within 
the "htmlentities()" and "htmlspecialchars()" functions. If a PHP 
application uses these functions to process user-supplied input, this 
can be exploited to cause buffer overflows by passing specially 
crafted data to the affected application.
 
Successful exploitation may allow execution of arbitrary code."


Since htmlentities() and htmlspecialchars() are frequently used on 
user input, this seems quite severe to me.



Tags added: pending. Request was from Ondrej Sury <ondrej@alioth.debian.org> to control@bugs.debian.org.


Tags added: patch. Request was from Ondřej Surý <ondrej@sury.org> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#396764; Package php4.


Acknowledgement sent to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.


Message #14 received at 396764@bugs.debian.org:

From: Ondřej Surý <ondrej@sury.org>
To: 396764@bugs.debian.org
Subject: Patch for: #396764: CVE-2006-5465: PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows
Date: Fri, 03 Nov 2006 16:08:12 +0100
-- 
Ondřej Surý <ondrej@sury.org>
[052-CVE-2006-5465_htmlentities.patch (text/x-patch, attachment)]

Reply sent to sean finney <seanius@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #19 received at 396764-close@bugs.debian.org:

From: sean finney <seanius@debian.org>
To: 396764-close@bugs.debian.org
Subject: Bug#396764: fixed in php4 4:4.4.4-4
Date: Sat, 04 Nov 2006 14:56:17 -0800
Source: php4
Source-Version: 4:4.4.4-4

We believe that the bug you reported is fixed in the latest version of
php4, which is due to be installed in the Debian FTP archive:

libapache-mod-php4_4.4.4-4_amd64.deb
  to pool/main/p/php4/libapache-mod-php4_4.4.4-4_amd64.deb
libapache2-mod-php4_4.4.4-4_amd64.deb
  to pool/main/p/php4/libapache2-mod-php4_4.4.4-4_amd64.deb
php4-cgi_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-cgi_4.4.4-4_amd64.deb
php4-cli_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-cli_4.4.4-4_amd64.deb
php4-common_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-common_4.4.4-4_amd64.deb
php4-curl_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-curl_4.4.4-4_amd64.deb
php4-dev_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-dev_4.4.4-4_amd64.deb
php4-domxml_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-domxml_4.4.4-4_amd64.deb
php4-gd_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-gd_4.4.4-4_amd64.deb
php4-ldap_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-ldap_4.4.4-4_amd64.deb
php4-mcal_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-mcal_4.4.4-4_amd64.deb
php4-mhash_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-mhash_4.4.4-4_amd64.deb
php4-mysql_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-mysql_4.4.4-4_amd64.deb
php4-odbc_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-odbc_4.4.4-4_amd64.deb
php4-pear_4.4.4-4_all.deb
  to pool/main/p/php4/php4-pear_4.4.4-4_all.deb
php4-pgsql_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-pgsql_4.4.4-4_amd64.deb
php4-recode_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-recode_4.4.4-4_amd64.deb
php4-snmp_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-snmp_4.4.4-4_amd64.deb
php4-sybase_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-sybase_4.4.4-4_amd64.deb
php4-xslt_4.4.4-4_amd64.deb
  to pool/main/p/php4/php4-xslt_4.4.4-4_amd64.deb
php4_4.4.4-4.diff.gz
  to pool/main/p/php4/php4_4.4.4-4.diff.gz
php4_4.4.4-4.dsc
  to pool/main/p/php4/php4_4.4.4-4.dsc
php4_4.4.4-4_all.deb
  to pool/main/p/php4/php4_4.4.4-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 396764@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
sean finney <seanius@debian.org> (supplier of updated php4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.7
Date: Sat, 04 Nov 2006 19:58:55 +0100
Source: php4
Binary: php4-sybase php4-recode php4-cgi libapache-mod-php4 php4-cli php4-dev php4-snmp libapache2-mod-php4 php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-common php4 php4-curl php4-pear php4-mcal php4-mhash php4-pgsql
Architecture: source amd64 all
Version: 4:4.4.4-4
Distribution: unstable
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: sean finney <seanius@debian.org>
Description: 
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php4       - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli   - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl  - CURL module for php4
 php4-dev   - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd    - GD module for php4
 php4-ldap  - LDAP module for php4
 php4-mcal  - MCAL calendar module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc  - ODBC module for php4
 php4-pear  - PHP Extension and Application Repository (transitional package)
 php4-pgsql - PostgreSQL module for php4
 php4-recode - Character recoding module for php4
 php4-snmp  - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt  - XSLT module for php4
Closes: 348499 396764
Changes: 
 php4 (4:4.4.4-4) unstable; urgency=high
 .
   * The "Evil 4's" release :-)
 .
   [ sean finney ]
   * fix for SSL ciphers/contexts not being initialized properly
     thanks to Theodor Milkov for finding this (closes: #348499).
 .
   [ Ondřej Surý ]
   * SECURITY: include patch for html buffer overflows in ext/standard/html.c
     Reference: CVE-2006-5465
     Patch: 061-CVE-2006-5465_htmlentities.patch
     Closes: #396764
Files: 





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 06:03:17 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:18:53 2019; Machine Name: buxtehude
