Debian Bug report logs - #354683
PHP4 in Sarge appears vulnerable to CVE-2006-0207

version graph

Package: php4; Maintainer for php4 is (unknown);

Reported by: "Nick Jenkins" <nickpj@gmail.com>

Date: Tue, 28 Feb 2006 04:48:19 UTC

Severity: normal

Tags: security

Found in version 4:4.3.10-16

Fixed in version php4/4:4.4.2

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Full log


Message #19 received at control@bugs.debian.org (full text, mbox, reply):

Received: (at control) by bugs.debian.org; 26 Apr 2006 12:17:38 +0000
From mpokrywka@hoga.pl Wed Apr 26 05:17:38 2006
Return-path: <mpokrywka@hoga.pl>
Received: from pop3.hoga.pl ([212.244.112.151])
	by spohr.debian.org with smtp (Exim 4.50)
	id 1FYixe-0007bN-7H
	for control@bugs.debian.org; Wed, 26 Apr 2006 05:17:38 -0700
X-Mailer: InfocityWebMail ver. 04.2006
Thread-Topic: Sarge not vulnerable to CVE-2006-0207
Received: from 83.14.228.10 by mpokrywka@hoga.pl with Infocity WebMailServer; Wed, 26 Apr 2006 14:16:14 +0200
X-Priority: 3
thread-index: AcZpKzaXqhtVnxvWQbKEyAIwFh7VrQ==
From: "Michal Pokrywka" <mpokrywka@hoga.pl>
To: <control@bugs.debian.org>
Subject: Sarge not vulnerable to CVE-2006-0207
Date: Wed, 26 Apr 2006 14:16:14 +0200
Message-ID: <2913.20060426141614.mpokrywka@hoga.pl>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
Delivered-To: control@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=4.0 tests=BAYES_44,MISSING_OUTLOOK_NAME 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
notfound 354683 4:4.3.10-16
quit

Sarge is not vulnerable, see original advisory:
http://www.hardened-php.net/advisory_012006.112.html

Frsirt's advisory covers CVE-2006-0200, CVE-2006-0207 and CVE-2006-0208,
only CVE-2006-0208 covers PHP4 and Sarge.
Regards



Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 02:57:06 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.