Debian Bug report logs - #535888
php: segfaults on corrupted jpeg files

version graph

Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5.

Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Date: Sun, 5 Jul 2009 19:57:04 UTC

Severity: important

Tags: security

Merged with 540611

Found in versions php5/5.2.0-8+etch13, php5/5.2.6.dfsg.1-1+lenny3, php5/5.2.9.dfsg.1-4

Fixed in versions 5.2.10.dfsg.1-2, php5/5.3.0-1, php5/5.2.6.dfsg.1-1+lenny4, php5/5.2.0+dfsg-8+etch16

Done: Raphael Geissert <geissert@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Sun, 05 Jul 2009 19:57:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sun, 05 Jul 2009 19:57:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: php: segfaults on corrupted jpeg files
Date: Sun, 5 Jul 2009 15:45:50 -0400
package: php5
version: 5.2.0-8+etch13
severity: important
tags: security

hello,

php has is vulnerable to segfaulting on certain corrupted jpegs [1].
this is likely fixed in 5.3.0 since the commit to svn was made on May
28, but i haven't check the code to determine whether this is the case
or not.

[1] http://bugs.php.net/bug.php?id=48378




Bug 535888 cloned as bug 535897. Request was from "Michael S. Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Sun, 05 Jul 2009 20:06:16 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Thu, 09 Jul 2009 03:06:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Geissert <atomo64@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 09 Jul 2009 03:06:05 GMT) Full text and rfc822 format available.

Message #12 received at 535888@bugs.debian.org (full text, mbox):

From: Raphael Geissert <atomo64@gmail.com>
To: 535888@bugs.debian.org
Cc: ,control@bugs.debian.org
Subject: [debian/debian-sid] Fix a segfault on exif_data_read with corrupted jpeg files (Closes: #535888)
Date: Thu, 09 Jul 2009 02:57:33 +0000
tag 535888 pending
thanks

Date: Wed Jul 8 20:43:23 2009 -0500
Author: Raphael Geissert <atomo64@gmail.com>
Commit ID: 8615d344b20548e27ffbddd78e303af8c9a90859
Commit URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=8615d344b20548e27ffbddd78e303af8c9a90859
Patch URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff_plain;h=8615d344b20548e27ffbddd78e303af8c9a90859

    Fix a segfault on exif_data_read with corrupted jpeg files (Closes: #535888)

    Patch cherry-picked from upstream. Thanks to Michael S. Gilbert for the
    report.
      




Tags added: pending Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Thu, 09 Jul 2009 03:06:08 GMT) Full text and rfc822 format available.

Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Fri, 10 Jul 2009 01:24:10 GMT) Full text and rfc822 format available.

Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Fri, 10 Jul 2009 01:24:10 GMT) Full text and rfc822 format available.

Message #19 received at 535888-close@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: 535888-close@bugs.debian.org
Subject: Bug#535888: fixed in php5 5.2.10.dfsg.1-2
Date: Fri, 10 Jul 2009 01:17:19 +0000
Source: php5
Source-Version: 5.2.10.dfsg.1-2

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:

libapache2-mod-php5_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/libapache2-mod-php5_5.2.10.dfsg.1-2_i386.deb
libapache2-mod-php5filter_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/libapache2-mod-php5filter_5.2.10.dfsg.1-2_i386.deb
php-pear_5.2.10.dfsg.1-2_all.deb
  to pool/main/p/php5/php-pear_5.2.10.dfsg.1-2_all.deb
php5-cgi_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-cgi_5.2.10.dfsg.1-2_i386.deb
php5-cli_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-cli_5.2.10.dfsg.1-2_i386.deb
php5-common_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-common_5.2.10.dfsg.1-2_i386.deb
php5-curl_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-curl_5.2.10.dfsg.1-2_i386.deb
php5-dbg_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-dbg_5.2.10.dfsg.1-2_i386.deb
php5-dev_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-dev_5.2.10.dfsg.1-2_i386.deb
php5-gd_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-gd_5.2.10.dfsg.1-2_i386.deb
php5-gmp_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-gmp_5.2.10.dfsg.1-2_i386.deb
php5-imap_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-imap_5.2.10.dfsg.1-2_i386.deb
php5-interbase_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-interbase_5.2.10.dfsg.1-2_i386.deb
php5-ldap_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-ldap_5.2.10.dfsg.1-2_i386.deb
php5-mcrypt_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-mcrypt_5.2.10.dfsg.1-2_i386.deb
php5-mhash_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-mhash_5.2.10.dfsg.1-2_i386.deb
php5-mysql_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-mysql_5.2.10.dfsg.1-2_i386.deb
php5-odbc_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-odbc_5.2.10.dfsg.1-2_i386.deb
php5-pgsql_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-pgsql_5.2.10.dfsg.1-2_i386.deb
php5-pspell_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-pspell_5.2.10.dfsg.1-2_i386.deb
php5-recode_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-recode_5.2.10.dfsg.1-2_i386.deb
php5-snmp_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-snmp_5.2.10.dfsg.1-2_i386.deb
php5-sqlite_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-sqlite_5.2.10.dfsg.1-2_i386.deb
php5-sybase_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-sybase_5.2.10.dfsg.1-2_i386.deb
php5-tidy_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-tidy_5.2.10.dfsg.1-2_i386.deb
php5-xmlrpc_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-xmlrpc_5.2.10.dfsg.1-2_i386.deb
php5-xsl_5.2.10.dfsg.1-2_i386.deb
  to pool/main/p/php5/php5-xsl_5.2.10.dfsg.1-2_i386.deb
php5_5.2.10.dfsg.1-2.diff.gz
  to pool/main/p/php5/php5_5.2.10.dfsg.1-2.diff.gz
php5_5.2.10.dfsg.1-2.dsc
  to pool/main/p/php5/php5_5.2.10.dfsg.1-2.dsc
php5_5.2.10.dfsg.1-2_all.deb
  to pool/main/p/php5/php5_5.2.10.dfsg.1-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535888@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert <geissert@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 09 Jul 2009 18:25:48 -0500
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-imap php5-interbase php5-ldap php5-mcrypt php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source i386 all
Version: 5.2.10.dfsg.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geissert@debian.org>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 507762 529760 534621 534881 535888
Changes: 
 php5 (5.2.10.dfsg.1-2) unstable; urgency=low
 .
   * Declare that PEAR replaces XML_UTIL (Closes: #534621)
   * Bump standards-version, no change needed
   * Fix an unconditional limit on dblib_driver.c (Closes: #534881)
   * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888)
   * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760)
   * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR
   * Add myself to uploaders
   * Fix the path to PEAR's config, directly in rules (Closes: #507762)
Checksums-Sha1: 
 5a069e67212d3b8c8b9c32066f3505e8cd848a97 2554 php5_5.2.10.dfsg.1-2.dsc
 e74760be023d53729e159f42805d992a5f1f693e 141259 php5_5.2.10.dfsg.1-2.diff.gz
 c09854f80eaeb70a6d38c36b2b4cb15fd0111c6d 417342 php5-common_5.2.10.dfsg.1-2_i386.deb
 68e9f11901d82eee33b8e191524aeafe624f81df 2487930 libapache2-mod-php5_5.2.10.dfsg.1-2_i386.deb
 4bcc182292a423f2faf4abffcfa0ebee4fa00fe5 2486516 libapache2-mod-php5filter_5.2.10.dfsg.1-2_i386.deb
 d326edf3b0ba571eafeb918ed5e9e5a9fa757c4f 4923258 php5-cgi_5.2.10.dfsg.1-2_i386.deb
 822748306b4ce2cafaef79499a51d47f104f5af0 2477372 php5-cli_5.2.10.dfsg.1-2_i386.deb
 8fbeb51775c2096e1ffdcddd103f18b957cc202e 370240 php5-dev_5.2.10.dfsg.1-2_i386.deb
 b9b6874d67f01305592384285c42f1828d92856a 8606088 php5-dbg_5.2.10.dfsg.1-2_i386.deb
 1bc74c199801ac58f21320088b2af61d1e1b054e 23880 php5-curl_5.2.10.dfsg.1-2_i386.deb
 5bef02a0fed92560ee099999e4d49eade6e8a2b2 32096 php5-gd_5.2.10.dfsg.1-2_i386.deb
 8bf124d9b7d435141f518caac5aff2e9a6b9bf04 13978 php5-gmp_5.2.10.dfsg.1-2_i386.deb
 673da41e529d89e4f730dbd4e9ca75ace12f9ab2 34308 php5-imap_5.2.10.dfsg.1-2_i386.deb
 51bc73bcc0228a807f0e8f1a6d87a6762a126037 44662 php5-interbase_5.2.10.dfsg.1-2_i386.deb
 3b2796d21176cf9741630ba8df5e136c4ef3f4b8 18074 php5-ldap_5.2.10.dfsg.1-2_i386.deb
 81dbb2b8eb44037dda7dea9d992cb29e5ca0569b 12896 php5-mcrypt_5.2.10.dfsg.1-2_i386.deb
 59067da5523f5bd5eac525a65824114911553b11 5104 php5-mhash_5.2.10.dfsg.1-2_i386.deb
 28fbb0e2aeac477e16d7f9033c355537239d555e 65138 php5-mysql_5.2.10.dfsg.1-2_i386.deb
 19c7620ff24e6f4fcfe22ff921498a3c5cf4b5db 33492 php5-odbc_5.2.10.dfsg.1-2_i386.deb
 bfb2fc49d7862aba16ed3d521731e68324d194bf 52054 php5-pgsql_5.2.10.dfsg.1-2_i386.deb
 58ea6095f714404d17766a9d41b3b8906c3cadbf 8438 php5-pspell_5.2.10.dfsg.1-2_i386.deb
 96704f766cf09c2d293f9b07c4f59d0165583821 4822 php5-recode_5.2.10.dfsg.1-2_i386.deb
 284df195596410e659afda88d099f2f058ea6797 11668 php5-snmp_5.2.10.dfsg.1-2_i386.deb
 e72e0db37bbfbed61b0191c816c242707e804bac 34268 php5-sqlite_5.2.10.dfsg.1-2_i386.deb
 9e047ecd6e8db0d82553718aa6d6aba1b6718b63 25438 php5-sybase_5.2.10.dfsg.1-2_i386.deb
 23d3a25b6d4cb5e1e244fcf0bcc5e5e94f2da969 16446 php5-tidy_5.2.10.dfsg.1-2_i386.deb
 5f120961497471944b9294a1470f1ed231589767 37148 php5-xmlrpc_5.2.10.dfsg.1-2_i386.deb
 709265d0cb82c242753c3e1acefa1f1deb993fa4 12674 php5-xsl_5.2.10.dfsg.1-2_i386.deb
 a5f3533e55de73accc54b0e55d6a7b8578716dfc 1078 php5_5.2.10.dfsg.1-2_all.deb
 07dd9426780d4ff1d7c740a1bdf1714b790bd130 337462 php-pear_5.2.10.dfsg.1-2_all.deb
Checksums-Sha256: 
 c22e92c93c18d1c0a795b8c56bb1012d5b9a068a677463fe7e9bae0d659174ef 2554 php5_5.2.10.dfsg.1-2.dsc
 9ddb165c9185af620c83c603f9ef5eac1b0d9b5e699cbb5e8094a1324852f82e 141259 php5_5.2.10.dfsg.1-2.diff.gz
 c320af9f6b5809e23adbfee36ade929e5527985ed3b60fd7ecf1dbe2fcce417e 417342 php5-common_5.2.10.dfsg.1-2_i386.deb
 e763f9da03a93b3b6b88e7372bc535d949e80682c5aa45000ba56a61e37d403d 2487930 libapache2-mod-php5_5.2.10.dfsg.1-2_i386.deb
 244c63c037f1d2b6cf76124d0c4ac2fd13a62a1099b9056b1bb27693b90c0c3b 2486516 libapache2-mod-php5filter_5.2.10.dfsg.1-2_i386.deb
 d756176805b60f7a4ab538df5a4874b67540100a608c0f3819d41eca7d44c8b1 4923258 php5-cgi_5.2.10.dfsg.1-2_i386.deb
 5ad99ba3493be4f4ed7457c9b82bf3fee957441c0c259cb8f5994d699a0b6102 2477372 php5-cli_5.2.10.dfsg.1-2_i386.deb
 f14f62c7b9b5b241cc4c0868d6eb602a11b6360e1bdf981f5de05c0a8738bb67 370240 php5-dev_5.2.10.dfsg.1-2_i386.deb
 130cf1ff32c1150f55281fcec623bcb7d7b8dc6d11abaf53489850b56086d512 8606088 php5-dbg_5.2.10.dfsg.1-2_i386.deb
 9c28783b2cbf4ec40eb0df290c162676dbc8f84be5d2504ef563fb7571aa6129 23880 php5-curl_5.2.10.dfsg.1-2_i386.deb
 173123b139b065085d6eec789cdf316f6129dd5835367586ed14d9800a5bb878 32096 php5-gd_5.2.10.dfsg.1-2_i386.deb
 93b1833d60228cc95eb416637391dec862329c3849822ddbd5d6579438f95992 13978 php5-gmp_5.2.10.dfsg.1-2_i386.deb
 c39733b9ca62f49829b662427e93a4c978cd22748b8c140ab9fd8323388570c4 34308 php5-imap_5.2.10.dfsg.1-2_i386.deb
 1ddac9a21bd209d8acc59feb403c0cdba86944732345960a56f75a9794656456 44662 php5-interbase_5.2.10.dfsg.1-2_i386.deb
 2e3307a64708bbadf4490871a43e08df9ba3d107bcc33df8ccc8c2424a5432f1 18074 php5-ldap_5.2.10.dfsg.1-2_i386.deb
 859dbae28648434cd848f337c22a5f74cd4940d5b721134a79aa9740ab63e4cd 12896 php5-mcrypt_5.2.10.dfsg.1-2_i386.deb
 942d5cdfc429d2ef2633a4e51257ce22cbe75fc712539e20613ce66251a186af 5104 php5-mhash_5.2.10.dfsg.1-2_i386.deb
 bfd287c902ae3aafb71a76e71428ddc7a616694ea8ec3edaed70b537d49a33ed 65138 php5-mysql_5.2.10.dfsg.1-2_i386.deb
 d814a2755650028fcd8fc99600fa6da8248d0ed35b1b811ee0655ca373187199 33492 php5-odbc_5.2.10.dfsg.1-2_i386.deb
 cd0c1155084df8c8d1495977220c434ef02f574a96cc8ebf064407df22ff1304 52054 php5-pgsql_5.2.10.dfsg.1-2_i386.deb
 e91922996574926a7463a656e0b8f0855749e39d749a8001e4e2ed47e54557d0 8438 php5-pspell_5.2.10.dfsg.1-2_i386.deb
 3a4b909aee83ecc351ca3cc0ebde2491d6b14420d252d7279f077db972f401ef 4822 php5-recode_5.2.10.dfsg.1-2_i386.deb
 be3e2f9435676fd40eccfab0a6f96f609e8469c149f74f1df572ff69f9657ae0 11668 php5-snmp_5.2.10.dfsg.1-2_i386.deb
 1be9d49101006b932e9debfdda81743b5c8ee589ae5467a4b2eef36a0947d690 34268 php5-sqlite_5.2.10.dfsg.1-2_i386.deb
 39196031e51a71fb07e0e153510159691f05f099c5a0b86e007da2590ff40fec 25438 php5-sybase_5.2.10.dfsg.1-2_i386.deb
 d0a9497b50ebb9d45a61568dbdea864e4a7e0db7626e8f844485d225e0c0f090 16446 php5-tidy_5.2.10.dfsg.1-2_i386.deb
 9c936b6d503be351e1130f0ada0cfcb8bdd56ffdb168c001a24784353ef36f2e 37148 php5-xmlrpc_5.2.10.dfsg.1-2_i386.deb
 dd02de288aaf551025cbebc9d142755e2605d4a4d38b8fa998f518d2e11efd10 12674 php5-xsl_5.2.10.dfsg.1-2_i386.deb
 2ed9eee40ad520a71e0bd143c1068a5aed7f9808135e0c39a64fdf9937e5d34c 1078 php5_5.2.10.dfsg.1-2_all.deb
 a03eb79b0a7757a3551d769b61d0d0e2b5bbdd8aa71817ab075a2a34873d8035 337462 php-pear_5.2.10.dfsg.1-2_all.deb
Files: 
 31fe3cc1184b0a2f498cabd8414d3cb9 2554 php optional php5_5.2.10.dfsg.1-2.dsc
 13c69554728146590eae885f8d424af6 141259 php optional php5_5.2.10.dfsg.1-2.diff.gz
 51520924b990895888522316aa2bc2bd 417342 php optional php5-common_5.2.10.dfsg.1-2_i386.deb
 4a2d844ab71014c994aa250712dbf7b0 2487930 httpd optional libapache2-mod-php5_5.2.10.dfsg.1-2_i386.deb
 700fb22e999df10ca136b008f1749f48 2486516 httpd optional libapache2-mod-php5filter_5.2.10.dfsg.1-2_i386.deb
 03ef4a86c59151583291ef5e0e08d4f4 4923258 php optional php5-cgi_5.2.10.dfsg.1-2_i386.deb
 0a32f6cad78e35be464e0a3a46bc0016 2477372 php optional php5-cli_5.2.10.dfsg.1-2_i386.deb
 84fecc277f8129a3b7c1d2df52b3cf47 370240 php optional php5-dev_5.2.10.dfsg.1-2_i386.deb
 7b4eb60e8424dddb15e1bd8608975a43 8606088 debug extra php5-dbg_5.2.10.dfsg.1-2_i386.deb
 48958c0f451e33d88d6f6721f67be75d 23880 php optional php5-curl_5.2.10.dfsg.1-2_i386.deb
 c2bc1ddeda1efe34424fbbb7ec4b3fb0 32096 php optional php5-gd_5.2.10.dfsg.1-2_i386.deb
 0460d9606e613c6570ab262b5695f872 13978 php optional php5-gmp_5.2.10.dfsg.1-2_i386.deb
 2a4fe3413361f4a8ceb682a34d4332cd 34308 php optional php5-imap_5.2.10.dfsg.1-2_i386.deb
 58905a2f1aa0ca0286d4ba97242597c7 44662 php optional php5-interbase_5.2.10.dfsg.1-2_i386.deb
 a27a1ad886bc31040b6dc058aa8e8328 18074 php optional php5-ldap_5.2.10.dfsg.1-2_i386.deb
 d8dac81e780cf416d7ad8df5e515d903 12896 php optional php5-mcrypt_5.2.10.dfsg.1-2_i386.deb
 ac820acab35dc60942da686ca34b9798 5104 php optional php5-mhash_5.2.10.dfsg.1-2_i386.deb
 5299968d418f7adb6183cf1c082e7fe2 65138 php optional php5-mysql_5.2.10.dfsg.1-2_i386.deb
 52f955b334615fb54e719fa58c8293b2 33492 php optional php5-odbc_5.2.10.dfsg.1-2_i386.deb
 e0cf5f3dd61040d2a8f31d9ebf10d264 52054 php optional php5-pgsql_5.2.10.dfsg.1-2_i386.deb
 30f24ff570ea6ce4a457422f61140c12 8438 php optional php5-pspell_5.2.10.dfsg.1-2_i386.deb
 d0a0673e1aa15d9cda298bb5cbfe5e71 4822 php optional php5-recode_5.2.10.dfsg.1-2_i386.deb
 e20fab4184cd4d869185ed58a8bd9912 11668 php optional php5-snmp_5.2.10.dfsg.1-2_i386.deb
 9193dda1c2babdb02cb70ed0be1451c9 34268 php optional php5-sqlite_5.2.10.dfsg.1-2_i386.deb
 72b21c083b6ff3e25407f093d4a7f755 25438 php optional php5-sybase_5.2.10.dfsg.1-2_i386.deb
 4d9e2b2c726a4c3e5569ebcd828fe6af 16446 php optional php5-tidy_5.2.10.dfsg.1-2_i386.deb
 4271f28822884733b166cb6d37af59d5 37148 php optional php5-xmlrpc_5.2.10.dfsg.1-2_i386.deb
 ad0666126ec7f24de3d265eeb5d2480f 12674 php optional php5-xsl_5.2.10.dfsg.1-2_i386.deb
 52637b9d111712c5bba8d15707dff63b 1078 php optional php5_5.2.10.dfsg.1-2_all.deb
 f8d444ef8ed27761a6efe9714436953a 337462 php optional php-pear_5.2.10.dfsg.1-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpWkwIACgkQYy49rUbZzloNmQCaA5xBpIuW62eNuIGKIQOstcQa
u3cAnRinfg2lQsf+tWlFmfsu1BZY1/JD
=ujQn
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Fri, 10 Jul 2009 15:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 10 Jul 2009 15:15:05 GMT) Full text and rfc822 format available.

Message #24 received at 535888@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: control@bugs.debian.org, 535888@bugs.debian.org
Subject: reopen
Date: Fri, 10 Jul 2009 11:14:08 -0400
reopen 535888
fixed 535888 5.2.10.dfsg.1-2
thanks

thanks for fixing this issue!  reopening to continue tracking in
etch/lenny, which haven't been fixed yet.

mike




Bug reopened, originator not changed. Request was from "Michael S. Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Fri, 10 Jul 2009 15:15:07 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 5.2.10.dfsg.1-2. Request was from "Michael S. Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Fri, 10 Jul 2009 15:15:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Fri, 10 Jul 2009 15:30:02 GMT) Full text and rfc822 format available.

Message #31 received at 535888@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 535888@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: [php-maint] Bug#535888: reopen
Date: Fri, 10 Jul 2009 10:26:22 -0500
close 535888
found 535888 5.2.6.dfsg.1-1+lenny3
found 535888 5.2.9.dfsg.1-4
fixed 535888 5.3.0-1
thanks

On Friday 10 July 2009 10:14:08 Michael S. Gilbert wrote:
> reopen 535888
> fixed 535888 5.2.10.dfsg.1-2
> thanks
>
> thanks for fixing this issue!  reopening to continue tracking in
> etch/lenny, which haven't been fixed yet.

That's not the right way to do it, you should mark the bug as found in the 
other versions.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Bug closed, send any further explanations to "Michael S. Gilbert" <michael.s.gilbert@gmail.com> Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 10 Jul 2009 15:30:03 GMT) Full text and rfc822 format available.

Bug marked as found in version 5.2.6.dfsg.1-1+lenny3. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 10 Jul 2009 15:30:04 GMT) Full text and rfc822 format available.

Bug marked as found in version 5.2.9.dfsg.1-4. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 10 Jul 2009 15:30:04 GMT) Full text and rfc822 format available.

Bug marked as fixed in version 5.3.0-1. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 10 Jul 2009 15:30:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Fri, 10 Jul 2009 15:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 10 Jul 2009 15:51:03 GMT) Full text and rfc822 format available.

Message #44 received at 535888@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 535888@bugs.debian.org
Subject: Re: [php-maint] Bug#535888: reopen
Date: Fri, 10 Jul 2009 11:46:48 -0400
On Fri, 10 Jul 2009 10:26:22 -0500, Raphael Geissert wrote:
> close 535888
> found 535888 5.2.6.dfsg.1-1+lenny3
> found 535888 5.2.9.dfsg.1-4
> fixed 535888 5.3.0-1
> thanks
> 
> On Friday 10 July 2009 10:14:08 Michael S. Gilbert wrote:
> > reopen 535888
> > fixed 535888 5.2.10.dfsg.1-2
> > thanks
> >
> > thanks for fixing this issue!  reopening to continue tracking in
> > etch/lenny, which haven't been fixed yet.
> 
> That's not the right way to do it, you should mark the bug as found in the 
> other versions.

doesn't it make more sense to keep the bug open until all versions are
fixed?  at least that way it continues to show up on the bug tracking
pages; and i think more accurately represents the state of the bug. my
interpretation is that closed means that the bug is gone.

mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Fri, 10 Jul 2009 16:45:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 10 Jul 2009 16:45:04 GMT) Full text and rfc822 format available.

Message #49 received at 535888@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 535888@bugs.debian.org
Subject: Re: Bug#535888: Info received ([php-maint] Bug#535888: reopen)
Date: Fri, 10 Jul 2009 12:29:06 -0400
i probably should have asked whether you think that this issue warrants
a DSA, would be good for an SPU, or whether you think it is
unimportant.  if this can be considered unimportant, then yes, i agree
the bug should be closed, but if there do need to be stable updates,
then i think that the bug should remain open.

mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 02:03:02 GMT) Full text and rfc822 format available.

Message #52 received at 535888@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 540611-done@bugs.debian.org, 535888@bugs.debian.org
Subject: Re: [php-maint] Bug#540611: php5: exif buffer overread
Date: Sun, 9 Aug 2009 21:02:36 -0500
On Sunday 09 August 2009 01:13:42 Michael S. Gilbert wrote:
>
> hello, it has been disclosed that php is vulnerable to a buffer
> over-read in versions befor 5.2.10.  see:

You already reported it as #535888, there's no need to report it more than 
once.
And no, reopening the report is *not necessary*, the BTS knows what versions 
are affected. *Take a look at the graph at the top if necessary*

And adding another entry to  the security tracker doesn't help either.

>
> http://secunia.com/advisories/35441/
> http://www.vupen.com/english/advisories/2009/1632
>

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 03:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 03:00:02 GMT) Full text and rfc822 format available.

Message #57 received at 535888@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 540611@bugs.debian.org, 535888@bugs.debian.org
Subject: Re: [php-maint] Bug#540611: php5: exif buffer overread
Date: Sun, 9 Aug 2009 22:57:09 -0400
On Sun, 9 Aug 2009 21:02:36 -0500 Raphael Geissert wrote:

> On Sunday 09 August 2009 01:13:42 Michael S. Gilbert wrote:
> >
> > hello, it has been disclosed that php is vulnerable to a buffer
> > over-read in versions befor 5.2.10.  see:
> 
> You already reported it as #535888, there's no need to report it more than 
> once.
> And no, reopening the report is *not necessary*, the BTS knows what versions 
> are affected. *Take a look at the graph at the top if necessary*
> 
> And adding another entry to  the security tracker doesn't help either.

i appologize for the mistake.  when issues don't get assigned a common
number, it's easy to miss the fact that different reports are actually
the same issue.  it was not my intent to open a duplicate bug, it looked
like this was new.

maybe it's just me, but dealing with issues in multiple releases with
the debian bts is non-obvious and a major pain.  is the "*right*" way
to do this documented somewhere?

mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 06:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to sean finney <seanius@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 06:21:02 GMT) Full text and rfc822 format available.

Message #62 received at 535888@bugs.debian.org (full text, mbox):

From: sean finney <seanius@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 540611@bugs.debian.org
Cc: 535888@bugs.debian.org
Subject: Re: [php-maint] Bug#540611: Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 08:17:44 +0200
[Message part 1 (text/plain, inline)]
hi michael,

On Sun, Aug 09, 2009 at 10:57:09PM -0400, Michael S. Gilbert wrote:
> maybe it's just me, but dealing with issues in multiple releases with
> the debian bts is non-obvious and a major pain.  is the "*right*" way
> to do this documented somewhere?

i've brought this up in the past on -devel because i also find it
annoying.  i wasn't given a good solution apart from "you can probably
do it with usertags", which is more of a cop out than anything else
imho :(

fyi i'm out on vacation now so won't have any time to put forward on
php related stuff for at least another week if not two.

	sean
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 16:24:24 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 16:24:24 GMT) Full text and rfc822 format available.

Message #67 received at 535888@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 535888@bugs.debian.org
Cc: 540611@bugs.debian.org
Subject: Re: Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 18:05:57 +0200
[Message part 1 (text/plain, inline)]
Hi,
* Michael S. Gilbert <michael.s.gilbert@gmail.com> [2009-08-10 05:07]:
> On Sun, 9 Aug 2009 21:02:36 -0500 Raphael Geissert wrote:
> > On Sunday 09 August 2009 01:13:42 Michael S. Gilbert wrote:
> > >
> > > hello, it has been disclosed that php is vulnerable to a buffer
> > > over-read in versions befor 5.2.10.  see:
> > 
> > You already reported it as #535888, there's no need to report it more than 
> > once.
> > And no, reopening the report is *not necessary*, the BTS knows what versions 
> > are affected. *Take a look at the graph at the top if necessary*
> > 
> > And adding another entry to  the security tracker doesn't help either.
> 
> i appologize for the mistake.  when issues don't get assigned a common
> number, it's easy to miss the fact that different reports are actually
> the same issue.  it was not my intent to open a duplicate bug, it looked
> like this was new.
> 
> maybe it's just me, but dealing with issues in multiple releases with
> the debian bts is non-obvious and a major pain.  is the "*right*" way
> to do this documented somewhere?

http://wiki.debian.org/BugsVersionTracking maybe helps you.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 16:54:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 16:54:02 GMT) Full text and rfc822 format available.

Message #72 received at 535888@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 540611@bugs.debian.org, 535888@bugs.debian.org
Subject: Re: [php-maint] Bug#540611: Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 12:51:18 -0400
On Mon, 10 Aug 2009 08:17:44 +0200, sean finney wrote:
> hi michael,
> 
> On Sun, Aug 09, 2009 at 10:57:09PM -0400, Michael S. Gilbert wrote:
> > maybe it's just me, but dealing with issues in multiple releases with
> > the debian bts is non-obvious and a major pain.  is the "*right*" way
> > to do this documented somewhere?
> 
> i've brought this up in the past on -devel because i also find it
> annoying.  i wasn't given a good solution apart from "you can probably
> do it with usertags", which is more of a cop out than anything else
> imho :(
> 
> fyi i'm out on vacation now so won't have any time to put forward on
> php related stuff for at least another week if not two.

ok, thanks for the info.  have a good one.

mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 17:06:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 17:06:02 GMT) Full text and rfc822 format available.

Message #77 received at 535888@bugs.debian.org (full text, mbox):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 535888@bugs.debian.org, 540611@bugs.debian.org
Cc: nion@debian.org, debian-debbugs@lists.debian.org
Subject: Re: Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 13:06:23 -0400
On Mon, 10 Aug 2009 18:05:57 +0200, Nico Golde wrote:
> > maybe it's just me, but dealing with issues in multiple releases with
> > the debian bts is non-obvious and a major pain.  is the "*right*" way
> > to do this documented somewhere?
> 
> http://wiki.debian.org/BugsVersionTracking maybe helps you.

thanks for the link.  this makes it clear how the system is supposed
to work, but it also makes it clear that the system is rather broken --
at least from the standpoint that bugs get closed on the first fix,
rather than when all releases are either fixed or marked as not
affected.

i guess i'll just deal with the broken system as is...

mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 17:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 17:39:05 GMT) Full text and rfc822 format available.

Message #82 received at 535888@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 535888@bugs.debian.org
Subject: Re: Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 19:30:22 +0200
[Message part 1 (text/plain, inline)]
Hi,
* Michael S. Gilbert <michael.s.gilbert@gmail.com> [2009-08-10 19:06]:
> On Mon, 10 Aug 2009 18:05:57 +0200, Nico Golde wrote:
> > > maybe it's just me, but dealing with issues in multiple releases with
> > > the debian bts is non-obvious and a major pain.  is the "*right*" way
> > > to do this documented somewhere?
> > 
> > http://wiki.debian.org/BugsVersionTracking maybe helps you.
> 
> thanks for the link.  this makes it clear how the system is supposed
> to work, but it also makes it clear that the system is rather broken --
> at least from the standpoint that bugs get closed on the first fix,
> rather than when all releases are either fixed or marked as not
> affected.
> 
> i guess i'll just deal with the broken system as is...

I'm sure Don welcomes constructive criticism ;)

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 17:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael S Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 17:42:02 GMT) Full text and rfc822 format available.

Message #87 received at 535888@bugs.debian.org (full text, mbox):

From: Michael S Gilbert <michael.s.gilbert@gmail.com>
To: Nico Golde <nion@debian.org>
Cc: 535888@bugs.debian.org
Subject: Re: Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 13:36:31 -0400
>> i guess i'll just deal with the broken system as is...
>
> I'm sure Don welcomes constructive criticism ;)

ok, i'll put together a constructive bug report when i have the chance.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 17:51:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to sean finney <seanius@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 10 Aug 2009 17:51:02 GMT) Full text and rfc822 format available.

Message #92 received at 535888@bugs.debian.org (full text, mbox):

From: sean finney <seanius@debian.org>
To: Michael S Gilbert <michael.s.gilbert@gmail.com>, 535888@bugs.debian.org
Cc: Nico Golde <nion@debian.org>
Subject: Re: [php-maint] Bug#535888: Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 19:50:02 +0200
[Message part 1 (text/plain, inline)]
hey michael,

On Mon, Aug 10, 2009 at 01:36:31PM -0400, Michael S Gilbert wrote:
> >> i guess i'll just deal with the broken system as is...
> >
> > I'm sure Don welcomes constructive criticism ;)
> 
> ok, i'll put together a constructive bug report when i have the chance.

you can also reference and/or merge in #517599 when you do so, which
is complaining about the same problem but in a more specific context
(pending status instead of general tracking across releases).


regards,
	sean
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#535888; Package php5. (Mon, 10 Aug 2009 18:39:03 GMT) Full text and rfc822 format available.

Message #95 received at 535888@bugs.debian.org (full text, mbox):

From: Don Armstrong <don@debian.org>
To: "Michael S\. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 535888@bugs.debian.org, 540611@bugs.debian.org, debian-debbugs@lists.debian.org
Subject: Re: Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread
Date: Mon, 10 Aug 2009 11:35:35 -0700
# if it's the same bug, merge it; don't just close it.
forcemerge 535888 540611
thanks

On Mon, 10 Aug 2009, Michael S. Gilbert wrote:
> On Mon, 10 Aug 2009 18:05:57 +0200, Nico Golde wrote:
> > > maybe it's just me, but dealing with issues in multiple releases
> > > with the debian bts is non-obvious and a major pain. is the
> > > "*right*" way to do this documented somewhere?
> > 
> > http://wiki.debian.org/BugsVersionTracking maybe helps you.
> 
> thanks for the link. this makes it clear how the system is supposed
> to work, but it also makes it clear that the system is rather broken
> -- at least from the standpoint that bugs get closed on the first
> fix, rather than when all releases are either fixed or marked as not
> affected.

Bugs are marked as -done when someone has taken action that fixes the
problem somewhere. The "-done"-ness of a bug is orthogonal to whether
a bug is fixed, absent, or present at a particular version. [It's
included primarily because it's needed for bugs which don't have any
versioning information and because it provides information as to
whether some fix has been found and uploaded for the issue.]

Assuming you've done your job properly, and documented in a changelog
when you've fixed a particular bug, and marked the appropriate
versions as found, everything should be handled correctly.

If you want to know about outstanding issues for a particular
distribution, append the appropriate dist= option for that
distribution.

If you have particular questions about how the BTS works, or you're
unsure as to the proper way to do something, feel free to ask on
debian-debbugs@lists.debian.org or on #debbugs or #debian-bugs on IRC,
or you can track me down if necessary. [But the former three options
almost invariably result in me responding anyway.]


Don Armstrong

-- 
I may not have gone where I intended to go, but I think I have ended
up where I needed to be.
 -- Douglas Adams _The Long Dark Tea-Time of the Soul_

http://www.donarmstrong.com              http://rzlab.ucr.edu




Forcibly Merged 535888 540611. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Mon, 10 Aug 2009 18:39:06 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Sep 2009 07:29:02 GMT) Full text and rfc822 format available.

Bug unarchived. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Sun, 22 Nov 2009 00:42:07 GMT) Full text and rfc822 format available.

Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Sat, 05 Dec 2009 21:42:03 GMT) Full text and rfc822 format available.

Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 05 Dec 2009 21:42:04 GMT) Full text and rfc822 format available.

Message #106 received at 535888-close@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: 535888-close@bugs.debian.org
Subject: Bug#535888: fixed in php5 5.2.6.dfsg.1-1+lenny4
Date: Sat, 05 Dec 2009 21:40:50 +0000
Source: php5
Source-Version: 5.2.6.dfsg.1-1+lenny4

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:

libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_i386.deb
libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_i386.deb
php-pear_5.2.6.dfsg.1-1+lenny4_all.deb
  to main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny4_all.deb
php5-cgi_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-cli_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-common_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-curl_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-dbg_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-dev_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-gd_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-gmp_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-imap_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-interbase_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-ldap_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-mcrypt_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-mhash_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-mysql_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-odbc_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-pgsql_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-pspell_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-recode_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-snmp_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-sqlite_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-sybase_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-tidy_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_i386.deb
php5-xsl_5.2.6.dfsg.1-1+lenny4_i386.deb
  to main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_i386.deb
php5_5.2.6.dfsg.1-1+lenny4.diff.gz
  to main/p/php5/php5_5.2.6.dfsg.1-1+lenny4.diff.gz
php5_5.2.6.dfsg.1-1+lenny4.dsc
  to main/p/php5/php5_5.2.6.dfsg.1-1+lenny4.dsc
php5_5.2.6.dfsg.1-1+lenny4_all.deb
  to main/p/php5/php5_5.2.6.dfsg.1-1+lenny4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535888@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert <geissert@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 Nov 2009 18:28:12 -0600
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-imap php5-interbase php5-ldap php5-mcrypt php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source i386 all
Version: 5.2.6.dfsg.1-1+lenny4
Distribution: stable-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geissert@debian.org>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 535888 540605
Changes: 
 php5 (5.2.6.dfsg.1-1+lenny4) stable-security; urgency=high
 .
   * CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields
       (Closes: #535888)
   * CVE-2009-2626: remote memory disclosure via ini_* functions
       (Closes: #540605)
   * CVE-2009-3292: multiple missing checks processing exif image data
   * CVE-2009-3291: improper handling of nul character in CommonName fields
       of X509 certificates
   * max_file_uploads: prevent, by limiting, temporary files exhaustion DoS
   * Add an entry to debian/NEWS about the new per-request file uploads limit
Checksums-Sha1: 
 6cbdbce0cf6b339f9049ffe17a696e5c59f76a61 2529 php5_5.2.6.dfsg.1-1+lenny4.dsc
 6a781e8baaec57eabf1ef976779442bbffe03f6d 164099 php5_5.2.6.dfsg.1-1+lenny4.diff.gz
 453608eee6edeb648ddbc2e92b1c89db26450570 365082 php5-common_5.2.6.dfsg.1-1+lenny4_i386.deb
 5a067dabdb81f98292494a29f74d414ef9c06271 2484322 libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_i386.deb
 32937bd567e0e2f809e98411d4979345ef6f406e 2482922 libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_i386.deb
 6318c45fae77d60d34c2cad16542d034570d19d5 4911000 php5-cgi_5.2.6.dfsg.1-1+lenny4_i386.deb
 39d0e81ca4be85742b66f2959e88afc53146b151 2474740 php5-cli_5.2.6.dfsg.1-1+lenny4_i386.deb
 345eac59d4f17a39c511e984f68ef3fb7609b73d 365616 php5-dev_5.2.6.dfsg.1-1+lenny4_i386.deb
 3892a5447c11c987001d6fa5f9a2e53f6d603ce3 8470280 php5-dbg_5.2.6.dfsg.1-1+lenny4_i386.deb
 629d1d4a1de99f96cf6c8b61aced13e80cc2988d 23770 php5-curl_5.2.6.dfsg.1-1+lenny4_i386.deb
 dd636fde8caccf89a22dbc8ad3999fe68f050b63 32390 php5-gd_5.2.6.dfsg.1-1+lenny4_i386.deb
 98259221c6b1453a50229751838677bb7f70f1e0 14202 php5-gmp_5.2.6.dfsg.1-1+lenny4_i386.deb
 f77b8e70452c14c04ba4db4232902670c6aa8406 34600 php5-imap_5.2.6.dfsg.1-1+lenny4_i386.deb
 e3e09ac437bcc565f4ebe649bf3f5bd30f9d9291 45164 php5-interbase_5.2.6.dfsg.1-1+lenny4_i386.deb
 e16bb652144d3c5dc7fffc85f6b5d8e234a76556 18236 php5-ldap_5.2.6.dfsg.1-1+lenny4_i386.deb
 b86a03742685672a0a6cfcabca482b6e767ffe2d 12924 php5-mcrypt_5.2.6.dfsg.1-1+lenny4_i386.deb
 5de598181756a416d3f1c089caa9408bf4bdd78c 5158 php5-mhash_5.2.6.dfsg.1-1+lenny4_i386.deb
 708985d53d2ea547c9005304684fcb41eb4f68c4 65752 php5-mysql_5.2.6.dfsg.1-1+lenny4_i386.deb
 6e87fc89e7093acb3720eaacd598a0d095b46b4e 33548 php5-odbc_5.2.6.dfsg.1-1+lenny4_i386.deb
 38cd95ff523a5ce1ff5240704eb62a7b659de8fb 52366 php5-pgsql_5.2.6.dfsg.1-1+lenny4_i386.deb
 120702df7b1959ea577052334e35479dd92bcfdc 8468 php5-pspell_5.2.6.dfsg.1-1+lenny4_i386.deb
 f31ddb670a29433a97910dd5924912b8c7a5c166 4850 php5-recode_5.2.6.dfsg.1-1+lenny4_i386.deb
 c2abad44011ec391e7363f2e08e9937cc39ae628 11602 php5-snmp_5.2.6.dfsg.1-1+lenny4_i386.deb
 03a815e48de9a1273ac9a136429520a28539859f 34518 php5-sqlite_5.2.6.dfsg.1-1+lenny4_i386.deb
 5452212beaf76f39fb036b263d254dba39c24d3c 25576 php5-sybase_5.2.6.dfsg.1-1+lenny4_i386.deb
 b2a5e1b706f6a4b06c3ad58637027f0ceba1dafb 16608 php5-tidy_5.2.6.dfsg.1-1+lenny4_i386.deb
 5c7c68cae51921a23b412fbb2927554874bddcd4 37674 php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_i386.deb
 e0996696aeee6d7ae0eb6e6bb711eacf2082e68b 12816 php5-xsl_5.2.6.dfsg.1-1+lenny4_i386.deb
 7663baf8d562658172d2e0ff87546470fc4986b5 1080 php5_5.2.6.dfsg.1-1+lenny4_all.deb
 5988e17a7d28f34ad0eecddce79760e93db28812 334532 php-pear_5.2.6.dfsg.1-1+lenny4_all.deb
Checksums-Sha256: 
 3afd9eeb0c3e071bc913386b9ce1dafe5497d14720ee6be7f10b9e81324c3ed7 2529 php5_5.2.6.dfsg.1-1+lenny4.dsc
 3cd393a7491449b2440b249553261d99cf0510007835f2cdf2db11a652292c26 164099 php5_5.2.6.dfsg.1-1+lenny4.diff.gz
 a185528e87c9cbb2e2a0a0662bf6c94fa8704af75517a2c7d0e858162f8d01ae 365082 php5-common_5.2.6.dfsg.1-1+lenny4_i386.deb
 64675ca11809553c2e95ba60898a3039cabaab302ea79f8ca06b4d1cd605459b 2484322 libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_i386.deb
 3fdd91bcd4dbbbd9537b59f2a22873aa500bfb970582f771b9ed4bdb06c00738 2482922 libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_i386.deb
 46730a40ff3ce320891f2a8c42fb754617d220e31a4cdc3f8769c2821e438bab 4911000 php5-cgi_5.2.6.dfsg.1-1+lenny4_i386.deb
 b00e41d5c84d4d698eb38067ab7dc81e0e2762d34f79223c3adc17559b967fec 2474740 php5-cli_5.2.6.dfsg.1-1+lenny4_i386.deb
 85dd7afdedbf1c50f2ed5579395d86d5e40dbbc540a18bb9608e4f41eee7a757 365616 php5-dev_5.2.6.dfsg.1-1+lenny4_i386.deb
 65ae85a59a1290df68f729b09ef309d0a5854b3ce46f90bff3e41d96c0f89bcd 8470280 php5-dbg_5.2.6.dfsg.1-1+lenny4_i386.deb
 6bd0e5748f54e852ee9db6bd9fd9a0c7155e6ae81954740b86f132d7927639de 23770 php5-curl_5.2.6.dfsg.1-1+lenny4_i386.deb
 9e223981df3fbdefecb9eb3b93c229a57b2096ca496850d3564ef29526f19cc5 32390 php5-gd_5.2.6.dfsg.1-1+lenny4_i386.deb
 920ebf33bcc7cfef7cbd42208abec6237cbe3e74f5f5e3807c38299652324739 14202 php5-gmp_5.2.6.dfsg.1-1+lenny4_i386.deb
 7a857bbc1f909a5d5aed993a11cfdcfb1255203a17783bcccaf7a669a9f65431 34600 php5-imap_5.2.6.dfsg.1-1+lenny4_i386.deb
 372c1cb3dac080e899d0eff3e92f1d513f908112a79c0dd462833b5b1759a0da 45164 php5-interbase_5.2.6.dfsg.1-1+lenny4_i386.deb
 9cb716e1af115752eda2dd09b2fd5663574771c2b85f850730f4bd1c7311a8f1 18236 php5-ldap_5.2.6.dfsg.1-1+lenny4_i386.deb
 aca07da7d98cd208b527409e49a8a9ad09fcb740bc5eac20c0a4a4d4a2c1cc3c 12924 php5-mcrypt_5.2.6.dfsg.1-1+lenny4_i386.deb
 e5f5a55302880c61643cda39972b4f8d3d728bf8ab6b876a026b42890fab63e9 5158 php5-mhash_5.2.6.dfsg.1-1+lenny4_i386.deb
 f7301f8870d57f9f8fa1e9cd81a440a079137dcdc0a59ee5a72e8a69b8ce881c 65752 php5-mysql_5.2.6.dfsg.1-1+lenny4_i386.deb
 d40c79bb6aa560939b43d4bc6d53f59c174f8c649d9b22f8b42a0e78b4055a0b 33548 php5-odbc_5.2.6.dfsg.1-1+lenny4_i386.deb
 27e352688f1283958629b6ba666fe68112b866b959efb0f409ba582e45c78999 52366 php5-pgsql_5.2.6.dfsg.1-1+lenny4_i386.deb
 8466f3d9dd75f6de09b3782e816101a99ea4b729a7669c0dcb2d87553a8665d3 8468 php5-pspell_5.2.6.dfsg.1-1+lenny4_i386.deb
 d948033bd7f30c2d60d8906e0e248036811a1752f78808241a4610d8eb0d883b 4850 php5-recode_5.2.6.dfsg.1-1+lenny4_i386.deb
 37fbb62b77cbce95526557a2761a4956f8dc5270b992b64a5079eebb86981b50 11602 php5-snmp_5.2.6.dfsg.1-1+lenny4_i386.deb
 1e3c5a9b5894ca93690c56d23048e66a747fab1cf90373a289b97e388622ca98 34518 php5-sqlite_5.2.6.dfsg.1-1+lenny4_i386.deb
 cab6a4ea145e90b5b5605f3ee853bd0cfd61d466f8ecf909d38c95a56804b08e 25576 php5-sybase_5.2.6.dfsg.1-1+lenny4_i386.deb
 600326186f5b3aab7d1de13c2f69353be94bf53651ba32611a5a29694b6e8c80 16608 php5-tidy_5.2.6.dfsg.1-1+lenny4_i386.deb
 13cb8d0d6560257cfb8d3744a707d5fb9e4ca7fcca2afbf434a8b7c2815a49f9 37674 php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_i386.deb
 09de9c2621fa215df44f0c78b02c04ef1fbc92b5539fcd7da5fa0d0b9dc70486 12816 php5-xsl_5.2.6.dfsg.1-1+lenny4_i386.deb
 63689aabe35dd17c27141b6d19d6648d0fc3c04971ccafe6830d7a6cf5692c73 1080 php5_5.2.6.dfsg.1-1+lenny4_all.deb
 854287915ebd243bc5618dcfa4907c4bb798b83b1df58612d38217a1ad8d43cb 334532 php-pear_5.2.6.dfsg.1-1+lenny4_all.deb
Files: 
 a437a2a7a18fd20140862ca43030f388 2529 web optional php5_5.2.6.dfsg.1-1+lenny4.dsc
 957d5e45ad5a1e96d92a864b29590e7b 164099 web optional php5_5.2.6.dfsg.1-1+lenny4.diff.gz
 4392cd0a81f4476fdd9742acc7bd6c93 365082 web optional php5-common_5.2.6.dfsg.1-1+lenny4_i386.deb
 fa5e02bfc4a02d6eeaa78b6c7311da62 2484322 web optional libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_i386.deb
 208f37e972ef75ec8f523b0d23fd96c9 2482922 web optional libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_i386.deb
 92362c5cb984c325520a55e1e002ebcf 4911000 web optional php5-cgi_5.2.6.dfsg.1-1+lenny4_i386.deb
 cb9e502935ca06c4302261950d783986 2474740 web optional php5-cli_5.2.6.dfsg.1-1+lenny4_i386.deb
 fdecf9d9e454bb798f79cb52683170ce 365616 devel optional php5-dev_5.2.6.dfsg.1-1+lenny4_i386.deb
 72de688ddc3ccd2cd608c2e484f54171 8470280 devel extra php5-dbg_5.2.6.dfsg.1-1+lenny4_i386.deb
 6e116b8d6ff24d733aa194e1975f5e0b 23770 web optional php5-curl_5.2.6.dfsg.1-1+lenny4_i386.deb
 5744d41850736ea9b996c6cb66e9d837 32390 web optional php5-gd_5.2.6.dfsg.1-1+lenny4_i386.deb
 ce163ac3822488ee9a983486ebf4a562 14202 web optional php5-gmp_5.2.6.dfsg.1-1+lenny4_i386.deb
 0150f3c3acf9a56aa1c50799d7a48340 34600 web optional php5-imap_5.2.6.dfsg.1-1+lenny4_i386.deb
 6e34b5c552ed4078ba2f030ccf813837 45164 web optional php5-interbase_5.2.6.dfsg.1-1+lenny4_i386.deb
 e5bc99009e981fccf50c904a0052936e 18236 web optional php5-ldap_5.2.6.dfsg.1-1+lenny4_i386.deb
 828d2c034635500f64f5b098f7cbb7fb 12924 web optional php5-mcrypt_5.2.6.dfsg.1-1+lenny4_i386.deb
 071eaa0a8b2199d592a1797d5e4d5883 5158 web optional php5-mhash_5.2.6.dfsg.1-1+lenny4_i386.deb
 04adcc201acbc00217f45234cb77f6c6 65752 web optional php5-mysql_5.2.6.dfsg.1-1+lenny4_i386.deb
 c3a037fe3763dd678650f8ecf155d5b1 33548 web optional php5-odbc_5.2.6.dfsg.1-1+lenny4_i386.deb
 3707092cee43aedcde4ce319285497ab 52366 web optional php5-pgsql_5.2.6.dfsg.1-1+lenny4_i386.deb
 669f1fb7284dcd3d20efc112f4b5a9eb 8468 web optional php5-pspell_5.2.6.dfsg.1-1+lenny4_i386.deb
 12262df32db3978db628398d300ae3a7 4850 web optional php5-recode_5.2.6.dfsg.1-1+lenny4_i386.deb
 2223164ddbe8a6a49844d95aa5626d14 11602 web optional php5-snmp_5.2.6.dfsg.1-1+lenny4_i386.deb
 ef1ece7435c66eee3c1c85fd35a493d9 34518 web optional php5-sqlite_5.2.6.dfsg.1-1+lenny4_i386.deb
 f458f0d98f3fcaa76f8aa3257eabaead 25576 web optional php5-sybase_5.2.6.dfsg.1-1+lenny4_i386.deb
 1fd57beb77f5404babf1a11811f786d7 16608 web optional php5-tidy_5.2.6.dfsg.1-1+lenny4_i386.deb
 e5a88b469517b3e0f934fab003622d43 37674 web optional php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_i386.deb
 90c17f509e3c6fa6572576a0800e461c 12816 web optional php5-xsl_5.2.6.dfsg.1-1+lenny4_i386.deb
 285cecdbe24061cfa77e62f36ae78e99 1080 web optional php5_5.2.6.dfsg.1-1+lenny4_all.deb
 14c1cefa63a25bc9d47f2b613c79a658 334532 web optional php-pear_5.2.6.dfsg.1-1+lenny4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksJerQACgkQYy49rUbZzlrt2QCfZsVJZMi81EfFZWZ89HfU6XN8
9RYAnjW0a49NVs5e+hsflRH8BqvyAnB0
=I3cr
-----END PGP SIGNATURE-----





Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Sat, 05 Dec 2009 21:42:05 GMT) Full text and rfc822 format available.

Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 05 Dec 2009 21:42:05 GMT) Full text and rfc822 format available.

Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Sat, 05 Dec 2009 22:36:09 GMT) Full text and rfc822 format available.

Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 05 Dec 2009 22:36:09 GMT) Full text and rfc822 format available.

Message #116 received at 535888-close@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: 535888-close@bugs.debian.org
Subject: Bug#535888: fixed in php5 5.2.0+dfsg-8+etch16
Date: Sat, 05 Dec 2009 22:34:27 +0000
Source: php5
Source-Version: 5.2.0+dfsg-8+etch16

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:

libapache-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
libapache2-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
php-pear_5.2.0+dfsg-8+etch16_all.deb
  to main/p/php5/php-pear_5.2.0+dfsg-8+etch16_all.deb
php5-cgi_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_amd64.deb
php5-cli_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_amd64.deb
php5-common_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-common_5.2.0+dfsg-8+etch16_amd64.deb
php5-curl_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_amd64.deb
php5-dev_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_amd64.deb
php5-gd_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_amd64.deb
php5-imap_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_amd64.deb
php5-interbase_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-interbase_5.2.0+dfsg-8+etch16_amd64.deb
php5-ldap_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_amd64.deb
php5-mcrypt_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_amd64.deb
php5-mhash_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_amd64.deb
php5-mysql_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_amd64.deb
php5-odbc_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_amd64.deb
php5-pgsql_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_amd64.deb
php5-pspell_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_amd64.deb
php5-recode_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_amd64.deb
php5-snmp_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_amd64.deb
php5-sqlite_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_amd64.deb
php5-sybase_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_amd64.deb
php5-tidy_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_amd64.deb
php5-xmlrpc_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_amd64.deb
php5-xsl_5.2.0+dfsg-8+etch16_amd64.deb
  to main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_amd64.deb
php5_5.2.0+dfsg-8+etch16.diff.gz
  to main/p/php5/php5_5.2.0+dfsg-8+etch16.diff.gz
php5_5.2.0+dfsg-8+etch16.dsc
  to main/p/php5/php5_5.2.0+dfsg-8+etch16.dsc
php5_5.2.0+dfsg-8+etch16_all.deb
  to main/p/php5/php5_5.2.0+dfsg-8+etch16_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535888@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert <geissert@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 24 Nov 2009 00:16:19 -0600
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap php5-snmp php5-dev php5-sqlite libapache-mod-php5 php5-interbase
Architecture: source amd64 all
Version: 5.2.0+dfsg-8+etch16
Distribution: oldstable-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geissert@debian.org>
Description: 
 libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2 module)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 527560 535888
Changes: 
 php5 (5.2.0+dfsg-8+etch16) oldstable-security; urgency=high
 .
   [ Sean Finney ]
   * fix for double-free regression in patch CVE-2008-5658 (Closes: #527560)
     - thanks to S├ębastien Le Ray <s.le_ray@eutech-ssii.com>
 .
   [ Raphael Geissert ]
   * CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields
      (Closes: #535888)
   * CVE-2009-3292: multiple missing checks processing exif image data
   * CVE-2009-3291: improper handling of nul character in CommonName fields
       of X509 certificates
   * max_file_uploads: prevent, by limiting, temporary files exhaustion DoS
   * Add an entry to debian/NEWS about the new per-request file uploads limit
Files: 
 7b5aa6deaeba26e4c5cf3bb6ae33c27b 2002 web optional php5_5.2.0+dfsg-8+etch16.dsc
 612732624d30561ad7dea430903a2807 134709 web optional php5_5.2.0+dfsg-8+etch16.diff.gz
 3996c8de414790cbf69f63b58eb83f3e 217832 web optional php5-common_5.2.0+dfsg-8+etch16_amd64.deb
 771b474b437c79d99c618b26fe37947a 2434276 web optional libapache-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
 7df76c20d0638c48fb50ff9837fa2e39 2434744 web optional libapache2-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
 fe712913c6b77092a1232b12e6c253bb 4718064 web optional php5-cgi_5.2.0+dfsg-8+etch16_amd64.deb
 09a2b12cb5b45d0091155b3164814539 2380798 web optional php5-cli_5.2.0+dfsg-8+etch16_amd64.deb
 d3bb651649ba842036cc8ac3659a78a5 344546 devel optional php5-dev_5.2.0+dfsg-8+etch16_amd64.deb
 ee88dda46b28cc8fb95368df225d1cbd 24968 web optional php5-curl_5.2.0+dfsg-8+etch16_amd64.deb
 3ddb2d6f43bf48d9d39a65be726b0758 37110 web optional php5-gd_5.2.0+dfsg-8+etch16_amd64.deb
 346f128adf65b8a11fa2d8a870ffafe6 36710 web optional php5-imap_5.2.0+dfsg-8+etch16_amd64.deb
 c2b07344538b5a844d2b9d71b2a0af0a 46768 web optional php5-interbase_5.2.0+dfsg-8+etch16_amd64.deb
 1c4cdef714b95add864534d00e307b9e 18648 web optional php5-ldap_5.2.0+dfsg-8+etch16_amd64.deb
 642f1853e66c40ba001d9259a0935a55 13476 web optional php5-mcrypt_5.2.0+dfsg-8+etch16_amd64.deb
 b4ea03d4ee1403fd58ce7911e8014cc5 5254 web optional php5-mhash_5.2.0+dfsg-8+etch16_amd64.deb
 df871b2cc8536d86cb98b1deaba12175 71764 web optional php5-mysql_5.2.0+dfsg-8+etch16_amd64.deb
 4dab2ccdcca8f327dd937bb1726baa09 36432 web optional php5-odbc_5.2.0+dfsg-8+etch16_amd64.deb
 16daf5e82a9290de8a47bd1322851c70 53950 web optional php5-pgsql_5.2.0+dfsg-8+etch16_amd64.deb
 93efa8754c0651aefdd5274a12d080e6 9396 web optional php5-pspell_5.2.0+dfsg-8+etch16_amd64.deb
 97b59510d3c93098377f7ce3d035678f 4898 web optional php5-recode_5.2.0+dfsg-8+etch16_amd64.deb
 a1903f82b61820a26c9dda7539c67256 12052 web optional php5-snmp_5.2.0+dfsg-8+etch16_amd64.deb
 3a4a23a7b9b44034ad431a1bc97c9b43 38442 web optional php5-sqlite_5.2.0+dfsg-8+etch16_amd64.deb
 f4c3bbdb831244db2bdd5335efd3edd5 19420 web optional php5-sybase_5.2.0+dfsg-8+etch16_amd64.deb
 1367309ced589b7e431e208d08c05d4c 17562 web optional php5-tidy_5.2.0+dfsg-8+etch16_amd64.deb
 2b214fc86b2a97dcdbf3bca165eb8082 39156 web optional php5-xmlrpc_5.2.0+dfsg-8+etch16_amd64.deb
 4b4c9d4850a1e333ee06890f74af6c7f 13022 web optional php5-xsl_5.2.0+dfsg-8+etch16_amd64.deb
 64a93759ca8a44ce1499fb425af5ba7d 1044 web optional php5_5.2.0+dfsg-8+etch16_all.deb
 7919b140eee8f8f2e10fedd41fd14fd6 310830 web optional php-pear_5.2.0+dfsg-8+etch16_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksLik4ACgkQYy49rUbZzlohlQCfbDG0/649rPphN3g8t6pO9O/H
HdoAnRpmtkwJKTjIrMd22G4Q9J4kUQcc
=GuSb
-----END PGP SIGNATURE-----





Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Sat, 05 Dec 2009 22:36:10 GMT) Full text and rfc822 format available.

Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 05 Dec 2009 22:36:10 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Jan 2010 07:27:49 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 16:09:39 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.