Debian Bug report logs - #530914
CVE-2008-5498: Array index error in the imageRotate function in PHP 5.2.8 and earlier
Reported by: Aenoch Lynn <aenoch_lynn@yahoo.com>
Date: Thu, 28 May 2009 18:30:02 UTC
Severity: wishlist
Tags: patch
Found in version 5.2.6.dfsg.1-1+lenny3
Done: Raphael Geissert <geissert@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#530914; Package php5.
(Thu, 28 May 2009 18:30:04 GMT)
Acknowledgement sent
to Aenoch Lynn <aenoch_lynn@yahoo.com>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Thu, 28 May 2009 18:30:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: php5
Version: 5.2.6.dfsg.1-1+lenny3
Severity: normal
Tags: patch
CVE-2008-5498 describes a potential remote vulnerability in imageRotate:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
A PCI scan found this a Medium severity and I need this fixed to pass the scan.
Patch from upstream:
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.23&r2=1.90.2.1.2.24&sortby=date&view=patch
--- /repository/php-src/ext/gd/libgd/gd.c 2008/07/31 09:22:17 1.90.2.1.2.23
+++ /repository/php-src/ext/gd/libgd/gd.c 2008/12/10 13:33:10 1.90.2.1.2.24
@@ -3136,7 +3136,7 @@
return NULL;
}
- if (!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) {
+ if (!gdImageTrueColor(src) && (clrBack < 0 || clrBack>=gdImageColorsTotal(src))) {
return NULL;
}
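Review bot: the added `clrBack < 0` test is the part of this hunk that matters, because the old condition only rejected indices at or above gdImageColorsTotal(src) and let a negative palette index pass through to be used as an array index; it would be worth a one-line comment above the condition stating that both bounds are required for palette images, so the lower bound is not dropped again in a later cleanup. The guard is still skipped for true-color images (the `!gdImageTrueColor(src)` short-circuit is unchanged), so the reviewer should confirm that clrBack is never used as an index on that path before signing off.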
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: powerpc (ppc64)
Kernel: Linux 2.6.26-2-powerpc64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#530914; Package php5.
(Thu, 28 May 2009 20:12:02 GMT)
Message #8 received at 530914@bugs.debian.org:
severity 530914 wishlist
thanks
Hi,
On Thursday 28 May 2009 13:27:43 Aenoch Lynn wrote:
[...]
> CVE-2008-5498 describes a potential remote vulnerability in imageRotate:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
>
> A PCI scan found this a Medium severity and I need this fixed to pass the
> scan.
Thanks :), but the packages are not affected.
When performing such scans on packages in Debian you should take a look at our
security tracker (if you find any inconsistencies don't hesitate to contact
the security team, though), it will make your life easier.
The report of this issue is
http://security-tracker.debian.net/tracker/CVE-2008-5498
> Notes
> - php5 <not-affected> (php5 links to the shared lib)
> - libgd2 <not-affected> (code is specific to php's libgd)
> http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
Since we don't use the embedded library I don't think this will be fixed in
lenny (and squeeze/sid is already at .9), but leaving the report open for
other members of the PHP team to express their opinion.
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
Severity set to `wishlist' from `normal'
Request was from Raphael Geissert <atomo64@gmail.com>
to control@bugs.debian.org.
(Thu, 28 May 2009 20:12:05 GMT)
Reply sent
to Raphael Geissert <geissert@debian.org>:
You have taken responsibility.
(Thu, 13 Aug 2009 22:27:22 GMT)
Notification sent
to Aenoch Lynn <aenoch_lynn@yahoo.com>:
Bug acknowledged by developer.
(Thu, 13 Aug 2009 22:27:26 GMT)
Message #15 received at 530914-done@bugs.debian.org:
Hi,
I'm closing this report since nobody seems to be interested in it.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 11 Sep 2009 07:43:24 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 02:01:19 2023;