Debian Bug report logs -
#683694
php5: CVE-2012-3450: pdo array overread/crash
Reported by: Henri Salo <henri@nerv.fi>
Date: Thu, 2 Aug 2012 21:33:01 UTC
Severity: important
Tags: fixed-upstream, security
Fixed in version 5.3.3-7+squeeze14/
Done: Thijs Kinkhorst <thijs@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
:
Bug#683694
; Package php5
.
(Thu, 02 Aug 2012 21:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>
:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
.
(Thu, 02 Aug 2012 21:33:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Subject: CVE-2012-3450: php5 pdo array overread/crash
Package: php5
Severity: important
Tags: security, fixed-upstream
Denial of service vulnerability has been found and fixed in PHP, which might affect Debian packages too.
Original report: http://seclists.org/bugtraq/2012/Jun/60 (Discovered by 0x721427D8 via BeyondSecurity - SecuriTeam Secure Disclosure)
Upstream bug-report: https://bugs.php.net/bug.php?id=61755 with a test-case
Patch: https://bugs.php.net/patch-display.php?bug_id=61755&patch=bug61755.diff&revision=latest
Currently in Debian security tracker as undetermined: http://lists.alioth.debian.org/pipermail/secure-testing-commits/2012-August/021045.html
As I do not currently have time I request package maintainers to check if Debian packages are affected. I can also do proper testing and add affected versions to this bug-report after few days when I have more free time.
Best regards,
Henri Salo
Marked as fixed in versions 5.3.3-7+squeeze14/.
Request was from Thijs Kinkhorst <thijs@debian.org>
to control@bugs.debian.org
.
(Tue, 14 Aug 2012 08:54:06 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Thijs Kinkhorst <thijs@debian.org>
to control@bugs.debian.org
.
(Tue, 14 Aug 2012 08:54:06 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>
:
Bug acknowledged by developer.
(Tue, 14 Aug 2012 08:54:07 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 12 Sep 2012 07:29:36 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:40:47 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.