php4-sqlite: sqlite_udf_decode_binary() Buffer Overflow Vulnerability

Related Vulnerabilities: CVE-2007-1887  

Debian Bug report logs - #420456
php4-sqlite: sqlite_udf_decode_binary() Buffer Overflow Vulnerability

Package: php4-sqlite; Maintainer for php4-sqlite is (unknown);

Reported by: Sean Finney <seanius@debian.org>

Date: Sun, 22 Apr 2007 12:51:01 UTC

Severity: grave

Tags: etch, sarge, security

Found in versions php4-sqlite/1.0.2-7, php4-sqlite/1.0.2-12

Fixed in version 6:4.4.6-2+rm

Done: Marco Rodrigues <gothicx@gmail.com>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Jose Carlos Medeiros <debian@psabs.com.br>:
Bug#420456; Package php4-sqlite.


Acknowledgement sent to Sean Finney <seanius@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Jose Carlos Medeiros <debian@psabs.com.br>.


Message #5 received at submit@bugs.debian.org:

From: Sean Finney <seanius@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php4-sqlite: sqlite_udf_decode_binary() Buffer Overflow Vulnerability
Date: Sun, 22 Apr 2007 14:47:58 +0200
Package: php4-sqlite
Version: 1.0.2-7
Severity: grave
Tags: security
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

see MOPB 41 at php-security.org, or CVE-2007-1887.  the testing-security
team has a patch dug up that ought to fix this, though we haven't tested
it yet against php4-sqlite.

there's a large chunk of other core php MOPB fixes i'll be preparing,
but if i get all of them done before hearing back from you i'll start
on this one.  otherwise feel free to find us in #debian-security to get
our patch.


	sean

- -- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGK1l+ynjLPm522B0RAnFyAJ9N6mV0SV+6oVcrOCqC3CO81vkqTgCfZ41w
JZ7u975XnMtrWt6rn3gIytE=
=NX3E
-----END PGP SIGNATURE-----



Reply sent to Martin Michlmayr <tbm@cyrius.com>:
You have taken responsibility.


Notification sent to Sean Finney <seanius@debian.org>:
Bug acknowledged by developer.


Message #10 received at 420456-done@bugs.debian.org:

From: Martin Michlmayr <tbm@cyrius.com>
To: 302305-done@bugs.debian.org, 335835-done@bugs.debian.org, 418306-done@bugs.debian.org, 420456-done@bugs.debian.org
Subject: Removed
Date: Mon, 16 Jul 2007 18:23:20 +0200
This package has been removed from Debian unstable.  I'm therefore
closing this bug report.  The package has been removed because
PHP4 has been removed.

-- 
Martin Michlmayr
http://www.cyrius.com/



Bug marked as found in version 1.0.2-12 and reopened. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Mon, 16 Jul 2007 18:30:02 GMT)


Tags added: sarge, etch. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Fri, 20 Jul 2007 23:24:01 GMT)


Reply sent to Marco Rodrigues <gothicx@gmail.com>:
You have taken responsibility. (Thu, 25 Mar 2010 20:54:08 GMT)


Notification sent to Sean Finney <seanius@debian.org>:
Bug acknowledged by developer. (Thu, 25 Mar 2010 20:54:08 GMT)


Message #19 received at 420456-done@bugs.debian.org:

From: Marco Rodrigues <gothicx@gmail.com>
To: 420456-done@bugs.debian.org
Subject: Package php4-sqlite has been removed from Debian
Date: Wed, 24 Mar 2010 20:50:10 +0000 (WET)
Version: 6:4.4.6-2+rm

You filed the bug http://bugs.debian.org/420456 in Debian BTS
against the package php4-sqlite. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/428266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 23 Apr 2010 07:34:46 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:07:58 2019; Machine Name: beach
