Debian Bug report logs - #511493
CVE-2008-5557: buffer overflow

Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5.

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Sun, 11 Jan 2009 15:33:01 UTC

Severity: grave

Tags: patch, pending, security

Found in versions php5/5.2.5-3, 5.0.2-0.1

Fixed in versions 5.2.6.dfsg.1-2, 5.2.6.dfsg.1-1+lenny1

Done: sean finney <seanius@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#511493; Package php5. (Sun, 11 Jan 2009 15:33:04 GMT)

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sun, 11 Jan 2009 15:33:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-5557: buffer overflow
Date: Sun, 11 Jan 2009 10:30:20 -0500
Package: php5
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for php5.

CVE-2008-5557[0]:
| Heap-based buffer overflow in
| ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring
| extension in PHP 4.3.0 through 5.2.6 allows context-dependent
| attackers to execute arbitrary code via a crafted string containing an
| HTML entity, which is not properly handled during Unicode conversion,
| related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3)
| mb_convert_variables, and (4) mb_parse_str functions.

There is some more information available in the php bugreport[1],
including the PoC which seems to work.

If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
    http://security-tracker.debian.net/tracker/CVE-2008-5557
[1] http://bugs.php.net/bug.php?id=45722




Tags added: pending Request was from Sean Finney <seanius@alioth.debian.org> to control@bugs.debian.org. (Sun, 11 Jan 2009 19:21:03 GMT)

Tags added: pending Request was from Sean Finney <seanius@alioth.debian.org> to control@bugs.debian.org. (Sun, 11 Jan 2009 21:30:06 GMT)

Reply sent to sean finney <seanius@debian.org>:
You have taken responsibility. (Tue, 13 Jan 2009 21:24:08 GMT)

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Tue, 13 Jan 2009 21:24:09 GMT)

Message #14 received at 511493-done@bugs.debian.org:

From: sean finney <seanius@debian.org>
To: 511493-done@bugs.debian.org
Subject: Re: [php-maint] Bug#511493: CVE-2008-5557: buffer overflow
Date: Tue, 13 Jan 2009 22:21:41 +0100
Version: 5.2.6.dfsg.1-2

fixed in unstable.  an upload was skipped so closing manually.

	sean

Bug marked as found in version 5.2.5-3. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 14 Jan 2009 08:33:02 GMT)

Bug marked as found in version 5.0.2-0.1. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 14 Jan 2009 08:33:03 GMT)

Reply sent to sean finney <seanius@debian.org>:
You have taken responsibility. (Sat, 28 Feb 2009 19:42:05 GMT)

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Sat, 28 Feb 2009 19:42:09 GMT)

Message #23 received at 511493-done@bugs.debian.org:

From: sean finney <seanius@debian.org>
To: 511493-done@bugs.debian.org, 511049-done@bugs.debian.org, 508989-done@bugs.debian.org
Subject: fixed in previous version but not recorded
Date: Sat, 28 Feb 2009 20:40:27 +0100
Version: 5.2.6.dfsg.1-1+lenny1

The following bugs are fixed in lenny, but were not recorded as such because
there was an unreleased version in between uploads which was not automatically
processed for Closes: lines.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Mar 2009 07:37:16 GMT)

Bug unarchived. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Tue, 28 Apr 2009 17:45:03 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#511493; Package php5. (Tue, 28 Apr 2009 18:03:05 GMT)

Acknowledgement sent to Sean Finney <seanius@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Tue, 28 Apr 2009 18:03:05 GMT)

Message #32 received at 511493@bugs.debian.org:

From: Sean Finney <seanius@debian.org>
To: 511493@bugs.debian.org
Cc: ,control@bugs.debian.org
Subject: [debian/debian-etch] fix for CVE-2008-5557: Heap based overflow in mbstring extension
Date: Tue, 28 Apr 2009 18:00:43 +0000
tag 511493 pending
thanks

Date: Tue Apr 28 19:43:55 2009 +0200
Author: Sean Finney <seanius@debian.org>
Commit ID: abafc5330cede8260890b3083b739891bd029d62
Commit URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=abafc5330cede8260890b3083b739891bd029d62
Patch URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff_plain;h=abafc5330cede8260890b3083b739891bd029d62

    fix for CVE-2008-5557: Heap based overflow in mbstring extension

    this was imported from the dapper 5.1.2-1ubuntu3.13 security update

    Closes: #511493
      




Tags added: pending Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Tue, 28 Apr 2009 18:03:09 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 May 2009 07:32:19 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 12:38:54 2014; Machine Name: buxtehude.debian.org
