Debian Bug report logs -
#511493
CVE-2008-5557: buffer overflow
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Sun, 11 Jan 2009 15:33:01 UTC
Severity: grave
Tags: patch, pending, security
Found in versions php5/5.2.5-3, 5.0.2-0.1
Fixed in versions 5.2.6.dfsg.1-2, 5.2.6.dfsg.1-1+lenny1
Done: sean finney <seanius@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
:
Bug#511493
; Package php5
.
(Sun, 11 Jan 2009 15:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Steffen Joeris <steffen.joeris@skolelinux.de>
:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
.
(Sun, 11 Jan 2009 15:33:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: php5
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for php5.
CVE-2008-5557[0]:
| Heap-based buffer overflow in
| ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring
| extension in PHP 4.3.0 through 5.2.6 allows context-dependent
| attackers to execute arbitrary code via a crafted string containing an
| HTML entity, which is not properly handled during Unicode conversion,
| related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3)
| mb_convert_variables, and (4) mb_parse_str functions.
There are some more information available in the php bugreport[1],
including the PoC which seems to work.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
http://security-tracker.debian.net/tracker/CVE-2008-5557
[1] http://bugs.php.net/bug.php?id=45722
Tags added: pending
Request was from Sean Finney <seanius@alioth.debian.org>
to control@bugs.debian.org
.
(Sun, 11 Jan 2009 19:21:03 GMT) (full text, mbox, link).
Tags added: pending
Request was from Sean Finney <seanius@alioth.debian.org>
to control@bugs.debian.org
.
(Sun, 11 Jan 2009 21:30:06 GMT) (full text, mbox, link).
Reply sent
to sean finney <seanius@debian.org>
:
You have taken responsibility.
(Tue, 13 Jan 2009 21:24:08 GMT) (full text, mbox, link).
Notification sent
to Steffen Joeris <steffen.joeris@skolelinux.de>
:
Bug acknowledged by developer.
(Tue, 13 Jan 2009 21:24:09 GMT) (full text, mbox, link).
Message #14 received at 511493-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 5.2.6.dfsg.1-2
fixed in unstable. an upload was skipped so closing manually.
sean
[signature.asc (application/pgp-signature, inline)]
Bug marked as found in version 5.2.5-3.
Request was from Sean Finney <seanius@debian.org>
to control@bugs.debian.org
.
(Wed, 14 Jan 2009 08:33:02 GMT) (full text, mbox, link).
Bug marked as found in version 5.0.2-0.1.
Request was from Sean Finney <seanius@debian.org>
to control@bugs.debian.org
.
(Wed, 14 Jan 2009 08:33:03 GMT) (full text, mbox, link).
Reply sent
to sean finney <seanius@debian.org>
:
You have taken responsibility.
(Sat, 28 Feb 2009 19:42:05 GMT) (full text, mbox, link).
Notification sent
to Steffen Joeris <steffen.joeris@skolelinux.de>
:
Bug acknowledged by developer.
(Sat, 28 Feb 2009 19:42:09 GMT) (full text, mbox, link).
Message #23 received at 511493-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 5.2.6.dfsg.1-1+lenny1
The following bugs are fixed in lenny, but were not recorded as such because
there was an unreleased version in between uploads which was not automatically
processed for Closes: lines.
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 29 Mar 2009 07:37:16 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Sean Finney <seanius@debian.org>
to control@bugs.debian.org
.
(Tue, 28 Apr 2009 17:45:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
:
Bug#511493
; Package php5
.
(Tue, 28 Apr 2009 18:03:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Sean Finney <seanius@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
.
(Tue, 28 Apr 2009 18:03:05 GMT) (full text, mbox, link).
Message #32 received at 511493@bugs.debian.org (full text, mbox, reply):
tag 511493 pending
thanks
Date: Tue Apr 28 19:43:55 2009 +0200
Author: Sean Finney <seanius@debian.org>
Commit ID: abafc5330cede8260890b3083b739891bd029d62
Commit URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=abafc5330cede8260890b3083b739891bd029d62
Patch URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff_plain;h=abafc5330cede8260890b3083b739891bd029d62
fix for CVE-2008-5557: Heap based overflow in mbstring extension
this was imported from the dapper 5.1.2-1ubuntu3.13 security update
Closes: #511493
Tags added: pending
Request was from Sean Finney <seanius@debian.org>
to control@bugs.debian.org
.
(Tue, 28 Apr 2009 18:03:09 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 27 May 2009 07:32:19 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:01:56 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.