Debian Bug report logs - #323366
SECURITY: XML::RPC remote code injections (CAN-2005-2498)

version graph

Package: php4; Maintainer for php4 is (unknown);

Reported by: Christian Hammers <ch@debian.org>

Date: Tue, 16 Aug 2005 09:48:06 UTC

Severity: grave

Tags: security

Found in version php4/4:4.3.10-15

Fixed in versions php4/4:4.3.10-16, php4/4:4.4.0-2

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#323366; Package php4. Full text and rfc822 format available.

Acknowledgement sent to Christian Hammers <ch@debian.org>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: SECURITY: XML::RPC remote code injections (CAN-2005-2498)
Date: Tue, 16 Aug 2005 11:36:22 +0200
Package: php4
Version: 4:4.3.10-15
Severity: grave
Tags: security

Hello

A security flaw in XML::RPC has become known. From the version numbers
it seems to affect Debian. (I did not check which distributions and packages
exactly though).

More information is available here:

	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
	(not yet)


	Advisory: PEAR XML_RPC Remote PHP Code Injection Vulnerability
	Application: PEAR XML_RPC <= 1.3.3
     	Severity: A malformed XMLRPC request can result in execution
                  of arbitrary injected PHP code
	References: http://www.hardened-php.net/advisory_142005.66.html


	Advisory: PHPXMLRPC Remote PHP Code Injection Vulnerability
	Application: PHPXMLRPC <= 1.1.1
	Severity: A malformed XMLRPC request can result in execution
                  of arbitrary injected PHP code
	References: http://www.hardened-php.net/advisory_152005.67.html

bye,

-christian-



-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (9999, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15) (ignored: LC_ALL set to de_DE@euro)

Versions of packages php4 depends on:
ii  libapache-mod-php4           4:4.3.10-15 server-side, HTML-embedded scripti
ii  php4-common                  4:4.3.10-15 Common files for packages built fr

-- debconf information excluded



Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#323366; Package php4. Full text and rfc822 format available.

Acknowledgement sent to Zoran Dzelajlija <jelly@srce.hr>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 323366@bugs.debian.org (full text, mbox):

From: Zoran Dzelajlija <jelly@srce.hr>
To: 323366@bugs.debian.org
Subject: Re: SECURITY: XML::RPC remote code injections (CAN-2005-2498)
Date: Mon, 22 Aug 2005 20:00:47 +0200
Quoting Christian Hammers (ch@debian.org):
> Package: php4
> Version: 4:4.3.10-15
> Severity: grave
> Tags: security
> 
> Hello
> 
> A security flaw in XML::RPC has become known. From the version numbers
> it seems to affect Debian. (I did not check which distributions and packages
> exactly though).
> 
> More information is available here:
> 
> 	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
> 	(not yet)

FWIW, patches from Ubuntu might help:

http://www.ubuntulinux.org/support/documentation/usn/usn-171-1
http://secunia.com/advisories/16512/

Regards,
Zoran



Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#323366; Package php4. Full text and rfc822 format available.

Acknowledgement sent to Adam Conrad <adconrad@0c3.net>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 323366@bugs.debian.org (full text, mbox):

From: Adam Conrad <adconrad@0c3.net>
To: Zoran Dzelajlija <jelly@srce.hr>, 323366@bugs.debian.org
Subject: Re: [php-maint] Bug#323366: SECURITY: XML::RPC remote code injections (CAN-2005-2498)
Date: Tue, 23 Aug 2005 15:24:40 +1000
Zoran Dzelajlija wrote:
> 
> FWIW, patches from Ubuntu might help:

I know, I did the Ubuntu patches.  I need to get the security team in
the loop to get my changes into Debian as well. :/

... Adam



Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#323366; Package php4. Full text and rfc822 format available.

Acknowledgement sent to Zoran Dzelajlija <jelly@srce.hr>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #20 received at 323366@bugs.debian.org (full text, mbox):

From: Zoran Dzelajlija <jelly@srce.hr>
To: Adam Conrad <adconrad@0c3.net>
Cc: Zoran Dzelajlija <jelly@srce.hr>, 323366@bugs.debian.org
Subject: Re: [php-maint] Bug#323366: SECURITY: XML::RPC remote code injections (CAN-2005-2498)
Date: Tue, 23 Aug 2005 14:36:33 +0200
Quoting Adam Conrad (adconrad@0c3.net):
> Zoran Dzelajlija wrote:
> > 
> > FWIW, patches from Ubuntu might help:
> 
> I know, I did the Ubuntu patches. 

Heh, I (obviously) didn't know that.

> I need to get the security team in
> the loop to get my changes into Debian as well. :/

Can I do anything to speed it up?  I've sent a mail to #316447 (the other
XML_RPC bug) + CC to the security team regarding that bug yesterday.  It's
not nice to see these security fixes waiting for two months, especially
since they don't seem to be too problematic (like mozilla-* or kernel
security updates).

Zoran



Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Christian Hammers <ch@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #25 received at 323366-close@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 323366-close@bugs.debian.org
Subject: Bug#323366: fixed in php4 4:4.3.10-16
Date: Mon, 29 Aug 2005 08:32:20 -0700
Source: php4
Source-Version: 4:4.3.10-16

We believe that the bug you reported is fixed in the latest version of
php4, which is due to be installed in the Debian FTP archive:

libapache-mod-php4_4.3.10-16_i386.deb
  to pool/main/p/php4/libapache-mod-php4_4.3.10-16_i386.deb
libapache2-mod-php4_4.3.10-16_i386.deb
  to pool/main/p/php4/libapache2-mod-php4_4.3.10-16_i386.deb
php4-cgi_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-cgi_4.3.10-16_i386.deb
php4-cli_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-cli_4.3.10-16_i386.deb
php4-common_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-common_4.3.10-16_i386.deb
php4-curl_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-curl_4.3.10-16_i386.deb
php4-dev_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-dev_4.3.10-16_i386.deb
php4-domxml_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-domxml_4.3.10-16_i386.deb
php4-gd_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-gd_4.3.10-16_i386.deb
php4-imap_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-imap_4.3.10-16_i386.deb
php4-ldap_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-ldap_4.3.10-16_i386.deb
php4-mcal_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-mcal_4.3.10-16_i386.deb
php4-mhash_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-mhash_4.3.10-16_i386.deb
php4-mysql_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-mysql_4.3.10-16_i386.deb
php4-odbc_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-odbc_4.3.10-16_i386.deb
php4-pear_4.3.10-16_all.deb
  to pool/main/p/php4/php4-pear_4.3.10-16_all.deb
php4-recode_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-recode_4.3.10-16_i386.deb
php4-snmp_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-snmp_4.3.10-16_i386.deb
php4-sybase_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-sybase_4.3.10-16_i386.deb
php4-xslt_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-xslt_4.3.10-16_i386.deb
php4_4.3.10-16.diff.gz
  to pool/main/p/php4/php4_4.3.10-16.diff.gz
php4_4.3.10-16.dsc
  to pool/main/p/php4/php4_4.3.10-16.dsc
php4_4.3.10-16_all.deb
  to pool/main/p/php4/php4_4.3.10-16_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 323366@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated php4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 24 Aug 2005 19:05:10 -0700
Source: php4
Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4-curl php4 php4-pear php4-mcal php4-mhash
Architecture: source i386 all
Version: 4:4.3.10-16
Distribution: stable-security
Urgency: high
Maintainer: Adam Conrad <adconrad@0c3.net>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php4       - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli   - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl  - CURL module for php4
 php4-dev   - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd    - GD module for php4
 php4-imap  - IMAP module for php4
 php4-ldap  - LDAP module for php4
 php4-mcal  - MCAL calendar module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc  - ODBC module for php4
 php4-pear  - PEAR - PHP Extension and Application Repository
 php4-recode - Character recoding module for php4
 php4-snmp  - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt  - XSLT module for php4
Closes: 316447 323366
Changes: 
 php4 (4:4.3.10-16) stable-security; urgency=high
 .
   Adam Conrad <adconrad@0c3.net>:
   * Patch php4-dev's bundled shtool to use a temporary directory to resolve
     insecure temp file handling, reported in CAN-2005-1751 and CAN-2005-1759.
   * Patch PEAR after it has been installed in debian/php4-pear to resolve
     the XML-RPC vulnerability reported in CAN-2005-1921 (closes: #316447)
   * Backport changes by sesser@php.net and danielc@php.net to resolve another
     remote XML_RPC exploit, as reported in CAN-2005-2498 (closes: #323366)
Files: 
 e57b3e8e7f45104fbb11c833a57a53be 1686 web optional php4_4.3.10-16.dsc
 8a49871b1a36b26bb37c89115496aa23 278625 web optional php4_4.3.10-16.diff.gz
 74768ab0a62b20706266fc601c41b9df 167674 web optional php4-common_4.3.10-16_i386.deb
 38cc33f1a4c6a70af7f6749cdf9694f6 1614254 web optional libapache-mod-php4_4.3.10-16_i386.deb
 bda5e3087f3fa5a30aa7c61b0b959491 17904 web optional php4-curl_4.3.10-16_i386.deb
 6831728b5a0e67dd31df5194f3c8abcd 37242 web optional php4-domxml_4.3.10-16_i386.deb
 ab88aac36edc614390080e28979379e2 32396 web optional php4-gd_4.3.10-16_i386.deb
 53a185bcfe7a7fbb12549cfe2d866155 37378 web optional php4-imap_4.3.10-16_i386.deb
 cac07baa0ff4938c92b7ecd71085f820 19962 web optional php4-ldap_4.3.10-16_i386.deb
 bc8db965206e8cdc77a4127407d2af4c 17680 web optional php4-mcal_4.3.10-16_i386.deb
 68bf5a9ef56c0e7ce315a1c58d2d081c 8046 web optional php4-mhash_4.3.10-16_i386.deb
 17f84133fa9b36f5d64bfd05dd620998 21224 web optional php4-mysql_4.3.10-16_i386.deb
 3570b7f701d50ed2476c89addb1d73d6 27152 web optional php4-odbc_4.3.10-16_i386.deb
 e5dc6dd166607f3e9bd94321ecb6c51e 7712 web optional php4-recode_4.3.10-16_i386.deb
 998bae510bf391d8b94a3619df9e66dc 16402 web optional php4-xslt_4.3.10-16_i386.deb
 feeddae27dbfce70d62058e6cbe5476b 13156 web optional php4-snmp_4.3.10-16_i386.deb
 7251c8bf34e8021e701190812f535676 21384 web optional php4-sybase_4.3.10-16_i386.deb
 d651476ab8d3b5f6019e221fde718aba 3208880 web optional php4-cgi_4.3.10-16_i386.deb
 782899c50e02e31683263367bab3d27f 1609418 web optional php4-cli_4.3.10-16_i386.deb
 cc9fa332fb4a3bcf50e18fe7dfc30ce5 325322 devel optional php4-dev_4.3.10-16_i386.deb
 4a4aaabcccc850497c66ebacac23e627 1611958 web optional libapache2-mod-php4_4.3.10-16_i386.deb
 a280716fde4fd6d05dddeaff37a49d54 1148 web optional php4_4.3.10-16_all.deb
 0bca8d85163399f864cf13a1ac3f2884 250902 web optional php4-pear_4.3.10-16_all.deb
 73f5d1f42e34efa534a09c6091b5a21e 4892209 web optional php4_4.3.10.orig.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDDrizW5ql+IAeqTIRAjr4AJ0V5HkRaUQficdgExAVLO4/Hn7nzACeN7Ar
wA6AIBsQ4AdAZu+o93aE4lE=
=IYc4
-----END PGP SIGNATURE-----




Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Christian Hammers <ch@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #30 received at 323366-close@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 323366-close@bugs.debian.org
Subject: Bug#323366: fixed in php4 4:4.3.10-16
Date: Fri, 16 Dec 2005 21:36:14 -0800
Source: php4
Source-Version: 4:4.3.10-16

We believe that the bug you reported is fixed in the latest version of
php4, which is due to be installed in the Debian FTP archive:

libapache-mod-php4_4.3.10-16_i386.deb
  to pool/main/p/php4/libapache-mod-php4_4.3.10-16_i386.deb
libapache2-mod-php4_4.3.10-16_i386.deb
  to pool/main/p/php4/libapache2-mod-php4_4.3.10-16_i386.deb
php4-cgi_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-cgi_4.3.10-16_i386.deb
php4-cli_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-cli_4.3.10-16_i386.deb
php4-common_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-common_4.3.10-16_i386.deb
php4-curl_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-curl_4.3.10-16_i386.deb
php4-dev_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-dev_4.3.10-16_i386.deb
php4-domxml_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-domxml_4.3.10-16_i386.deb
php4-gd_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-gd_4.3.10-16_i386.deb
php4-imap_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-imap_4.3.10-16_i386.deb
php4-ldap_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-ldap_4.3.10-16_i386.deb
php4-mcal_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-mcal_4.3.10-16_i386.deb
php4-mhash_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-mhash_4.3.10-16_i386.deb
php4-mysql_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-mysql_4.3.10-16_i386.deb
php4-odbc_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-odbc_4.3.10-16_i386.deb
php4-pear_4.3.10-16_all.deb
  to pool/main/p/php4/php4-pear_4.3.10-16_all.deb
php4-recode_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-recode_4.3.10-16_i386.deb
php4-snmp_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-snmp_4.3.10-16_i386.deb
php4-sybase_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-sybase_4.3.10-16_i386.deb
php4-xslt_4.3.10-16_i386.deb
  to pool/main/p/php4/php4-xslt_4.3.10-16_i386.deb
php4_4.3.10-16.diff.gz
  to pool/main/p/php4/php4_4.3.10-16.diff.gz
php4_4.3.10-16.dsc
  to pool/main/p/php4/php4_4.3.10-16.dsc
php4_4.3.10-16_all.deb
  to pool/main/p/php4/php4_4.3.10-16_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 323366@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated php4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 24 Aug 2005 19:05:10 -0700
Source: php4
Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4-curl php4 php4-pear php4-mcal php4-mhash
Architecture: source i386 all
Version: 4:4.3.10-16
Distribution: stable-security
Urgency: high
Maintainer: Adam Conrad <adconrad@0c3.net>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php4       - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli   - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl  - CURL module for php4
 php4-dev   - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd    - GD module for php4
 php4-imap  - IMAP module for php4
 php4-ldap  - LDAP module for php4
 php4-mcal  - MCAL calendar module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc  - ODBC module for php4
 php4-pear  - PEAR - PHP Extension and Application Repository
 php4-recode - Character recoding module for php4
 php4-snmp  - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt  - XSLT module for php4
Closes: 316447 323366
Changes: 
 php4 (4:4.3.10-16) stable-security; urgency=high
 .
   Adam Conrad <adconrad@0c3.net>:
   * Patch php4-dev's bundled shtool to use a temporary directory to resolve
     insecure temp file handling, reported in CAN-2005-1751 and CAN-2005-1759.
   * Patch PEAR after it has been installed in debian/php4-pear to resolve
     the XML-RPC vulnerability reported in CAN-2005-1921 (closes: #316447)
   * Backport changes by sesser@php.net and danielc@php.net to resolve another
     remote XML_RPC exploit, as reported in CAN-2005-2498 (closes: #323366)
Files: 
 e57b3e8e7f45104fbb11c833a57a53be 1686 web optional php4_4.3.10-16.dsc
 8a49871b1a36b26bb37c89115496aa23 278625 web optional php4_4.3.10-16.diff.gz
 74768ab0a62b20706266fc601c41b9df 167674 web optional php4-common_4.3.10-16_i386.deb
 38cc33f1a4c6a70af7f6749cdf9694f6 1614254 web optional libapache-mod-php4_4.3.10-16_i386.deb
 bda5e3087f3fa5a30aa7c61b0b959491 17904 web optional php4-curl_4.3.10-16_i386.deb
 6831728b5a0e67dd31df5194f3c8abcd 37242 web optional php4-domxml_4.3.10-16_i386.deb
 ab88aac36edc614390080e28979379e2 32396 web optional php4-gd_4.3.10-16_i386.deb
 53a185bcfe7a7fbb12549cfe2d866155 37378 web optional php4-imap_4.3.10-16_i386.deb
 cac07baa0ff4938c92b7ecd71085f820 19962 web optional php4-ldap_4.3.10-16_i386.deb
 bc8db965206e8cdc77a4127407d2af4c 17680 web optional php4-mcal_4.3.10-16_i386.deb
 68bf5a9ef56c0e7ce315a1c58d2d081c 8046 web optional php4-mhash_4.3.10-16_i386.deb
 17f84133fa9b36f5d64bfd05dd620998 21224 web optional php4-mysql_4.3.10-16_i386.deb
 3570b7f701d50ed2476c89addb1d73d6 27152 web optional php4-odbc_4.3.10-16_i386.deb
 e5dc6dd166607f3e9bd94321ecb6c51e 7712 web optional php4-recode_4.3.10-16_i386.deb
 998bae510bf391d8b94a3619df9e66dc 16402 web optional php4-xslt_4.3.10-16_i386.deb
 feeddae27dbfce70d62058e6cbe5476b 13156 web optional php4-snmp_4.3.10-16_i386.deb
 7251c8bf34e8021e701190812f535676 21384 web optional php4-sybase_4.3.10-16_i386.deb
 d651476ab8d3b5f6019e221fde718aba 3208880 web optional php4-cgi_4.3.10-16_i386.deb
 782899c50e02e31683263367bab3d27f 1609418 web optional php4-cli_4.3.10-16_i386.deb
 cc9fa332fb4a3bcf50e18fe7dfc30ce5 325322 devel optional php4-dev_4.3.10-16_i386.deb
 4a4aaabcccc850497c66ebacac23e627 1611958 web optional libapache2-mod-php4_4.3.10-16_i386.deb
 a280716fde4fd6d05dddeaff37a49d54 1148 web optional php4_4.3.10-16_all.deb
 0bca8d85163399f864cf13a1ac3f2884 250902 web optional php4-pear_4.3.10-16_all.deb
 73f5d1f42e34efa534a09c6091b5a21e 4892209 web optional php4_4.3.10.orig.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDDrizW5ql+IAeqTIRAjr4AJ0V5HkRaUQficdgExAVLO4/Hn7nzACeN7Ar
wA6AIBsQ4AdAZu+o93aE4lE=
=IYc4
-----END PGP SIGNATURE-----




Bug marked as fixed in version 4:4.4.0-2, send any further explanations to Christian Hammers <ch@debian.org> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 06:51:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 10:01:22 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.