CVE-2007-3806, CVE-2007-2519 and CVE-2007-3799


Debian Bug report logs - #441433
CVE-2007-3806, CVE-2007-2519 and CVE-2007-3799


Reported by: Nico Golde <nion@debian.org>

Date: Sun, 9 Sep 2007 19:30:02 UTC

Severity: important

Tags: security

Found in version php5/5.2.3-1

Fixed in version 5.2.4-1

Done: sean finney <seanius@seanius.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#441433; Package php5.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-3806, CVE-2007-2519 and CVE-2007-3799
Date: Sun, 9 Sep 2007 21:27:28 +0200
[Message part 1 (text/plain, inline)]
Package: php5
Version: 5.2.3-1
Severity: important
Tags: security

Hi,
3 CVEs had been issued against php5:

CVE-2007-3799[0]:
The session_start function in ext/session in PHP 4.x up to 
4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert 
arbitrary attributes into the session cookie via special 
characters in a cookie that is obtained from (1) PATH_INFO, 
(2) the session_id function, and (3) the session_start 
function, which are not encoded or filtered when the new 
session cookie is generated.

CVE-2007-2519[1]:
Directory traversal vulnerability in the installer in PEAR 
1.0 through 1.5.3 allows user-assisted remote attackers to 
overwrite arbitrary files via a .. (dot dot) sequence in the 
(1) install-as attribute in the file element in package.xml 
1.0 or the (2) as attribute in the install element in 
package.xml 2.0. NOTE: it could be argued that this does not 
cross privilege boundaries in typical installations, since 
the code being installed could perform the same actions.

CVE-2007-3806[2]:
The glob function in PHP 5.2.3 allows context-dependent 
attackers to cause a denial of service and possibly execute 
arbitrary code via an invalid value of the flags parameter, 
probably related to memory corruption.

Please include the CVE ids in your changelog entries if you
fix the issues.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2519
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3806
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
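
For the PEAR installer issue (CVE-2007-2519) quoted in the report above, a check over a package manifest before installation could look like the following. This is an added example, not part of the bug report and not PEAR's own code or fix; the function names and both sample manifests (including their element nesting) are constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Attributes named in CVE-2007-2519: element local name -> attribute.
TARGET_ATTRS = {"file": "install-as", "install": "as"}

def escapes_root(target: str) -> bool:
    """True if an install target would resolve outside the install root."""
    path = target.replace("\\", "/")
    if path.startswith("/") or (len(path) > 1 and path[1] == ":"):
        return True  # absolute POSIX path or Windows drive path
    norm = posixpath.normpath(path)  # collapses "a/../b" before the test
    return norm == ".." or norm.startswith("../")

def audit_package_xml(xml_text: str) -> list:
    """Return (element, attribute, value) for each target that escapes."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        local = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace
        attr = TARGET_ATTRS.get(local)
        value = elem.get(attr) if attr else None
        if value is not None and escapes_root(value):
            findings.append((local, attr, value))
    return findings

# Constructed sample manifests (not taken from any real package).
SAMPLE_V1 = """<package version="1.0"><release><filelist>
  <file role="php" name="Good.php" install-as="Sample/Good.php"/>
  <file role="php" name="Bad.php" install-as="../../outside/Bad.php"/>
</filelist></release></package>"""

SAMPLE_V2 = """<package version="2.0" xmlns="http://pear.php.net/dtd/package-2.0">
  <phprelease><filelist>
    <install name="src/Good.php" as="Sample/Good.php"/>
    <install name="src/Odd.php" as="Sample/sub/../Odd.php"/>
    <install name="src/Bad.php" as="Sample/../../Bad.php"/>
  </filelist></phprelease>
</package>"""

if __name__ == "__main__":
    for label, doc in (("1.0", SAMPLE_V1), ("2.0", SAMPLE_V2)):
        for finding in audit_package_xml(doc):
            print("package.xml", label, finding)
```

The check normalizes the path first, so a target that contains `..` but stays inside the install root is not flagged, while one that climbs out after a harmless-looking prefix is.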

Reply sent to sean finney <seanius@seanius.net>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #10 received at 441433-done@bugs.debian.org:

From: sean finney <seanius@seanius.net>
To: 441433-done@bugs.debian.org
Subject: fixed in unstable
Date: Thu, 20 Sep 2007 19:22:49 +0200
[Message part 1 (text/plain, inline)]
Version: 5.2.4-1

The bugs referenced in this email are all fixed in unstable, and fixes are 
pending in stable/oldstable if relevant.  The next upload of 5.2.4 will 
contain references to the CVE ids if appropriate.



	sean
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 21 Jan 2008 07:27:41 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:29:26 2019; Machine Name: buxtehude
