CVE-2012-2688

Related Vulnerabilities: CVE-2012-2688  

Debian Bug report logs - #683274
CVE-2012-2688


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Mon, 30 Jul 2012 12:36:02 UTC

Severity: grave

Tags: security

Found in version 5.2.6.dfsg.1-1.174.201203011406

Fixed in version php5/5.4.4-4

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#683274; Package php5. (Mon, 30 Jul 2012 12:36:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 30 Jul 2012 12:36:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-2688
Date: Mon, 30 Jul 2012 14:34:04 +0200
Package: php5
Version: 5.2.6.dfsg.1-1.174.201203011406
Severity: grave
Tags: security

Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
http://git.php.net/?p=php-src.git;a=commitdiff;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5

Cheers,
        Moritz



Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Mon, 06 Aug 2012 12:21:07 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Mon, 06 Aug 2012 12:21:07 GMT)


Message #10 received at 683274-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 683274-close@bugs.debian.org
Subject: Bug#683274: fixed in php5 5.4.4-4
Date: Mon, 06 Aug 2012 12:17:43 +0000
Source: php5
Source-Version: 5.4.4-4

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683274@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Aug 2012 13:01:42 +0200
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source amd64 all
Version: 5.4.4-4
Distribution: unstable
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm   - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-mysqlnd - MySQL module for php5 (Native Driver)
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 674205 683274
Changes: 
 php5 (5.4.4-4) unstable; urgency=low
 .
   * Fix php5-fpm segfault (PHP#62205)
   * CVE-2012-2688: potential overflow in _php_stream_scandir
     (Closes: #683274)
   * Improve security in CGI section in README.Debian (Closes: #674205)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlAfs00ACgkQ9OZqfMIN8nPxQQCfYjZreK7jBKOVuGDeZ+/phcQK
4ZQAn0pd9IkJfhglO6bdgUZ9cHqLhrK2
=gA4t
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 04 Sep 2012 07:29:46 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:42:28 2019; Machine Name: buxtehude
