Debian Bug report logs - #573573
CVE-2010-0397: null pointer dereference in the xmlrpc extension

version graph

Package: php5-xmlrpc; Maintainer for php5-xmlrpc is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5-xmlrpc is src:php5.

Reported by: Auke van Slooten <auke@muze.nl>

Date: Fri, 12 Mar 2010 15:09:02 UTC

Severity: important

Tags: confirmed, pending, security

Found in version php5/5.3.1-4

Fixed in versions php5/5.3.2-1, php5/5.2.6.dfsg.1-1+lenny8

Done: Raphael Geissert <geissert@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugs.php.net/51288

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#573573; Package php5-xmlrpc. (Fri, 12 Mar 2010 15:09:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Auke van Slooten <auke@muze.nl>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 12 Mar 2010 15:09:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Auke van Slooten <auke@muze.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php5-xmlrpc: xmlrpc_decode_request generates segmentation fault on incorrect but valid xml requests
Date: Fri, 12 Mar 2010 16:47:24 +0100
Package: php5-xmlrpc
Version: 5.3.1-4
Severity: important

When decoding a xml-rpc request which is valid xml but doesn't have the
expected tags, xmlrpc_decode_request generates a segmentation fault. The
code below reproduces this:

<?php
$req = '<?xml version="1.0"?>
<methodCall>
   </methodCall>';
    $result = xmlrpc_decode_request( $req, $frop );
?>

xmlrpc_decode does work and simply returns NULL.

-- System Information:
Debian Release: 5.0.4
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages php5-xmlrpc depends on:
ii  libapache2-mod-php5 [php 5.3.1-4         server-side, HTML-embedded scripti
ii  libc6                    2.10.2-5        Embedded GNU C Library: Shared lib
ii  libxml2                  2.7.6.dfsg-2+b1 GNOME XML library
ii  php5-cli [phpapi-2009062 5.3.1-4         command-line interpreter for the p
ii  php5-common              5.3.1-4         Common files for packages built fr

php5-xmlrpc recommends no packages.

php5-xmlrpc suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#573573; Package php5-xmlrpc. (Fri, 12 Mar 2010 15:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Auke van Slooten <auke@muze.nl>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 12 Mar 2010 15:54:03 GMT) Full text and rfc822 format available.

Message #10 received at 573573@bugs.debian.org (full text, mbox):

From: Auke van Slooten <auke@muze.nl>
To: 573573@bugs.debian.org
Subject: Re: Bug#573573: Acknowledgement (php5-xmlrpc: xmlrpc_decode_request generates segmentation fault on incorrect but valid xml requests)
Date: Fri, 12 Mar 2010 16:35:14 +0100
Some more information, it appears the bug triggers only when the 
<methodName> tag is not found, but <methodCall> is available.

regards,
Auke van Slooten
Muze




Added tag(s) confirmed. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 12 Mar 2010 16:33:08 GMT) Full text and rfc822 format available.

Added tag(s) security. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 12 Mar 2010 19:03:03 GMT) Full text and rfc822 format available.

Changed Bug title to 'CVE-2010-0397: null pointer dereference in the xmlrpc extension' from 'php5-xmlrpc: xmlrpc_decode_request generates segmentation fault on incorrect but valid xml requests' Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 12 Mar 2010 19:03:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#573573; Package php5-xmlrpc. (Sat, 13 Mar 2010 01:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sat, 13 Mar 2010 01:57:05 GMT) Full text and rfc822 format available.

Message #21 received at 573573@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: 573573@bugs.debian.org
Cc: ,control@bugs.debian.org
Subject: [debian/debian-sid] Fix a null pointer dereference when processing invalid XML-RPC requests (CVE-2010-0397, Closes: #573573)
Date: Sat, 13 Mar 2010 01:52:32 +0000
tag 573573 pending
thanks

Date: Fri Mar 12 19:52:30 2010 -0600
Author: Raphael Geissert <geissert@debian.org>
Commit ID: 414208016e869fd218f047792ba5912fed83c08c
Commit URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=414208016e869fd218f047792ba5912fed83c08c
Patch URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff_plain;h=414208016e869fd218f047792ba5912fed83c08c

    Fix a null pointer dereference when processing invalid XML-RPC requests (CVE-2010-0397, Closes: #573573)

      




Added tag(s) pending. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Sat, 13 Mar 2010 01:57:06 GMT) Full text and rfc822 format available.

Set Bug forwarded-to-address to 'http://bugs.php.net/51288'. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Sat, 13 Mar 2010 18:09:03 GMT) Full text and rfc822 format available.

Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Sat, 13 Mar 2010 23:51:31 GMT) Full text and rfc822 format available.

Notification sent to Auke van Slooten <auke@muze.nl>:
Bug acknowledged by developer. (Sat, 13 Mar 2010 23:51:32 GMT) Full text and rfc822 format available.

Message #30 received at 573573-close@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: 573573-close@bugs.debian.org
Subject: Bug#573573: fixed in php5 5.3.2-1
Date: Sat, 13 Mar 2010 23:48:40 +0000
Source: php5
Source-Version: 5.3.2-1

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:

libapache2-mod-php5_5.3.2-1_i386.deb
  to main/p/php5/libapache2-mod-php5_5.3.2-1_i386.deb
libapache2-mod-php5filter_5.3.2-1_i386.deb
  to main/p/php5/libapache2-mod-php5filter_5.3.2-1_i386.deb
php-pear_5.3.2-1_all.deb
  to main/p/php5/php-pear_5.3.2-1_all.deb
php5-cgi_5.3.2-1_i386.deb
  to main/p/php5/php5-cgi_5.3.2-1_i386.deb
php5-cli_5.3.2-1_i386.deb
  to main/p/php5/php5-cli_5.3.2-1_i386.deb
php5-common_5.3.2-1_i386.deb
  to main/p/php5/php5-common_5.3.2-1_i386.deb
php5-curl_5.3.2-1_i386.deb
  to main/p/php5/php5-curl_5.3.2-1_i386.deb
php5-dbg_5.3.2-1_i386.deb
  to main/p/php5/php5-dbg_5.3.2-1_i386.deb
php5-dev_5.3.2-1_i386.deb
  to main/p/php5/php5-dev_5.3.2-1_i386.deb
php5-enchant_5.3.2-1_i386.deb
  to main/p/php5/php5-enchant_5.3.2-1_i386.deb
php5-gd_5.3.2-1_i386.deb
  to main/p/php5/php5-gd_5.3.2-1_i386.deb
php5-gmp_5.3.2-1_i386.deb
  to main/p/php5/php5-gmp_5.3.2-1_i386.deb
php5-imap_5.3.2-1_i386.deb
  to main/p/php5/php5-imap_5.3.2-1_i386.deb
php5-interbase_5.3.2-1_i386.deb
  to main/p/php5/php5-interbase_5.3.2-1_i386.deb
php5-intl_5.3.2-1_i386.deb
  to main/p/php5/php5-intl_5.3.2-1_i386.deb
php5-ldap_5.3.2-1_i386.deb
  to main/p/php5/php5-ldap_5.3.2-1_i386.deb
php5-mcrypt_5.3.2-1_i386.deb
  to main/p/php5/php5-mcrypt_5.3.2-1_i386.deb
php5-mysql_5.3.2-1_i386.deb
  to main/p/php5/php5-mysql_5.3.2-1_i386.deb
php5-odbc_5.3.2-1_i386.deb
  to main/p/php5/php5-odbc_5.3.2-1_i386.deb
php5-pgsql_5.3.2-1_i386.deb
  to main/p/php5/php5-pgsql_5.3.2-1_i386.deb
php5-pspell_5.3.2-1_i386.deb
  to main/p/php5/php5-pspell_5.3.2-1_i386.deb
php5-recode_5.3.2-1_i386.deb
  to main/p/php5/php5-recode_5.3.2-1_i386.deb
php5-snmp_5.3.2-1_i386.deb
  to main/p/php5/php5-snmp_5.3.2-1_i386.deb
php5-sqlite_5.3.2-1_i386.deb
  to main/p/php5/php5-sqlite_5.3.2-1_i386.deb
php5-sybase_5.3.2-1_i386.deb
  to main/p/php5/php5-sybase_5.3.2-1_i386.deb
php5-tidy_5.3.2-1_i386.deb
  to main/p/php5/php5-tidy_5.3.2-1_i386.deb
php5-xmlrpc_5.3.2-1_i386.deb
  to main/p/php5/php5-xmlrpc_5.3.2-1_i386.deb
php5-xsl_5.3.2-1_i386.deb
  to main/p/php5/php5-xsl_5.3.2-1_i386.deb
php5_5.3.2-1.diff.gz
  to main/p/php5/php5_5.3.2-1.diff.gz
php5_5.3.2-1.dsc
  to main/p/php5/php5_5.3.2-1.dsc
php5_5.3.2-1_all.deb
  to main/p/php5/php5_5.3.2-1_all.deb
php5_5.3.2.orig.tar.gz
  to main/p/php5/php5_5.3.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 573573@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert <geissert@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 13 Mar 2010 15:11:48 -0600
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source all i386
Version: 5.3.2-1
Distribution: unstable
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geissert@debian.org>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 407425 570144 570287 571714 571762 571764 571772 571974 572601 573367 573511 573573
Changes: 
 php5 (5.3.2-1) unstable; urgency=high
 .
   [ Sean Finney ]
   * Fix improper signed overflow detection in filter extension
     (Closes: #570287)
   * Another integer overflow/underflow logic fix. (Closes: #570144)
   * new debian patch fix_filter_var_email_test.patch (Closes: #571764)
   * New debian patch fix_var_dump_64bit.phpt.patch (Closes: #571772)
   * New debian patch use_embedded_timezonedb_fixes.patch (Closes: #571762)
 .
   [ Raphael Geissert ]
   * Build with qdbm support
   * Really run extensions' tests
   * Add a note about user_dirs in apache conf file (Closes: #571714)
   * Fix typo in debian/NEWS
   * Don't install a(nother) useless Structures_Graph sh script
   * Re-enable short_open_tag for CLI too (Closes: #573367)
   * Disable memory limit in CLI, letting ulimit do its job (Closes: #407425)
   * Fix the locale name in some tests (Closes: #573511)
   * Fix some gd tests that need the bundled library
   * Fix a null pointer dereference when processing invalid XML-RPC
     requests (CVE-2010-0397, Closes: #573573)
   * Fix an unaligned memory access in enchant_dict_suggest()
   * Fix another unaligned memory access in enchant
   * Test that the list of extensions to test is never empty
   * Update the list of alternative dependencies of php5-dbg
   * debian/rules cleanup
   * debian/control cleanup
   * Build against the system oniguruma library
   * Add libjpeg-dev as an alternative to libjpeg62-dev for future
     transitions
 .
   [ Ondřej Surý ]
   * Imported Upstream version 5.3.2
   * Updated suhosin patch to 0.9.9.1 version.
   * Removed debian/patches/suhosin_page_size_fixes.patch. (Closes: #571974)
   * Refreshed debian/patches/001-libtool_fixes.patch
   * Refreshed debian/patches/006-debian_quirks.patch
   * Adapt debian patches to 5.3.2.
   * Remove "binary" contents from
     debian/patches/fix_var_dump_64bit.phpt.patch
   * New debian patch fix_broken_sha2_test.patch
   * New debian patch always_use_system_crypt.patch (Closes: #572601)
   * New debian patch php_crypt_revamped.patch (Closes: #572601)
Checksums-Sha1: 
 4f353ef04297b60673d547c0277adfb766c55f42 2692 php5_5.3.2-1.dsc
 ef9e11975eee9bcd17ed535a21559a471a1061d2 13734462 php5_5.3.2.orig.tar.gz
 c73ff5592357322964ffeb06f1f90508ad3e1c4a 181135 php5_5.3.2-1.diff.gz
 f9289145f8a0ed4392f91d0ca607357c781e4bcc 1072 php5_5.3.2-1_all.deb
 734cfa36df5d8efb99723f5bb9cb1bb8bdbe29bb 361792 php-pear_5.3.2-1_all.deb
 7dbc07d240a7d8adcb0ac9f991ecf55fc605177f 519906 php5-common_5.3.2-1_i386.deb
 eb413fdd5631e04ea52d4d3ce2062d36c8b377e6 2768262 libapache2-mod-php5_5.3.2-1_i386.deb
 80f4ab2f965f7ca0990ec388da976ad335b395a8 2767004 libapache2-mod-php5filter_5.3.2-1_i386.deb
 7df60108d53674078ddcd994eb10760553aa7c34 5481816 php5-cgi_5.3.2-1_i386.deb
 8ed5831c53173752d8eb894c0ce2e1ad11fc33b3 2741034 php5-cli_5.3.2-1_i386.deb
 f5c7f95f8c501b27a3034a124961ba8d39bca29b 398722 php5-dev_5.3.2-1_i386.deb
 23b8e9f3e8fafde014399be255a66f22c1d4a035 10358172 php5-dbg_5.3.2-1_i386.deb
 a182a7785368c73e3f340499eb55fa3442c1cfc5 25556 php5-curl_5.3.2-1_i386.deb
 f7034785defbc5d7900cbaec89f927c0dabc7b08 7422 php5-enchant_5.3.2-1_i386.deb
 29a0a9531d755d03cbcf226478d54756eba26717 34696 php5-gd_5.3.2-1_i386.deb
 c2b7c655a259c3eb266457548918edefcab3e08e 14192 php5-gmp_5.3.2-1_i386.deb
 97e1851c1d9f3b391b8e4e7a5f758f173cf27585 31756 php5-imap_5.3.2-1_i386.deb
 1995aabcc5d48e62f93d321272a5f0d97228a6ed 46214 php5-interbase_5.3.2-1_i386.deb
 ca112cf837bfd8a19573d15261c35c01a5e0c0d6 53736 php5-intl_5.3.2-1_i386.deb
 ca7de002c37d67edd2af5fa128013b49d77d5fbc 17480 php5-ldap_5.3.2-1_i386.deb
 30259621330b8379e499f0ed86d6751e9bdf31eb 11578 php5-mcrypt_5.3.2-1_i386.deb
 8698dbe7e16a6f7dd222bec6c9bbd0bfbfd2bde9 64142 php5-mysql_5.3.2-1_i386.deb
 9887959cec348000693444dbbeb4f15b61055e6d 31272 php5-odbc_5.3.2-1_i386.deb
 67b8e4024802446c7913687be8cb5765f55aafd0 52092 php5-pgsql_5.3.2-1_i386.deb
 6d8693ee63d036c1209f9a9f18525aa2289d255b 7232 php5-pspell_5.3.2-1_i386.deb
 00c246c6daac307537c5846e25301fa26fc96101 4114 php5-recode_5.3.2-1_i386.deb
 8e662200ca8b2c51e54d546938a07f7dd5229b86 10238 php5-snmp_5.3.2-1_i386.deb
 9e545dd06e65e63b3160c62115ba36071a83b849 47648 php5-sqlite_5.3.2-1_i386.deb
 1d20312eeaefd663414e4a26a435c353e69f4cfd 23590 php5-sybase_5.3.2-1_i386.deb
 1425cf9b90e770fa9e7c73fe6f74aabf0430bb50 16326 php5-tidy_5.3.2-1_i386.deb
 ef1a69f54d53e765b22977c6875c641f6a04b927 31912 php5-xmlrpc_5.3.2-1_i386.deb
 077faf2e014eaa48948d02f71ceb07d045507869 12300 php5-xsl_5.3.2-1_i386.deb
Checksums-Sha256: 
 a8bac70ed1fbbe88ba3928543160243742823658c6ee14ee349baa095c4fe7b8 2692 php5_5.3.2-1.dsc
 a61f02b3b0a83c5a5b8b71a55c5760d1fb7290f1ec84eef1bdb8e8850a828f2f 13734462 php5_5.3.2.orig.tar.gz
 dc4b06e12f7fc195d7f0fb448f3fae2c77fdc2dd846143f59ccd4f6b43251974 181135 php5_5.3.2-1.diff.gz
 91f082d641c99956d79acd60ff2fdd5156c81eae67ddd480b6cba9df609e643a 1072 php5_5.3.2-1_all.deb
 ba75ea96db7786356f046fe7280ac40cf964fafa184539911c0fa6f9b242dc4a 361792 php-pear_5.3.2-1_all.deb
 ec02af34526795f87379a3a1bf95e763ea27359c5e470b232dc5f1906f2343af 519906 php5-common_5.3.2-1_i386.deb
 4896b757df028208dc75c40d362614d45bdabd4f6582cf62bb8df4c82e4b0c4a 2768262 libapache2-mod-php5_5.3.2-1_i386.deb
 95e6477163211ababd997a000a8395aa37789bb617d36489474cd4dcba1affba 2767004 libapache2-mod-php5filter_5.3.2-1_i386.deb
 8cc23b3359acdd3ea4bc0a43eb2af662d7e1d67f19426f3126084f3aca76fbe3 5481816 php5-cgi_5.3.2-1_i386.deb
 99e94b9f30503762ddd4dfcc58275a8130240d66ca15e9b6ecf81481c09ec44d 2741034 php5-cli_5.3.2-1_i386.deb
 6967532d19f38970432a23df93dc52518e4982e48ee8b0017d239ddf992ef853 398722 php5-dev_5.3.2-1_i386.deb
 702c7d3fc3dd81da81393da66c416c06ab1f3d9bd0d641940be2db338c958782 10358172 php5-dbg_5.3.2-1_i386.deb
 e178d07c699cd95c5f17fa404b0023c7af7e72bdf432adf8d865e88130ff506a 25556 php5-curl_5.3.2-1_i386.deb
 ba5f56c83b804a86de6e50a2ab8bd5167f25ba8625ef98fd90650cc4e5c8ffc6 7422 php5-enchant_5.3.2-1_i386.deb
 20be27958b25a9e6ad9ece9a6450eeff6513457fa35c37321b4c1110f5b1990e 34696 php5-gd_5.3.2-1_i386.deb
 7975cecf3f7e5cfa549e780b260bc6af06186f4335d01b446abf74b31d7f21b1 14192 php5-gmp_5.3.2-1_i386.deb
 9498bc3c6da9224996855da3161849c28509b177a1e87e2ab2a3b0e2afbd78f2 31756 php5-imap_5.3.2-1_i386.deb
 53fb9ec1c57115bf12e0b7eb9728f3d06e4137962aae2df5f6f354a4d04427bf 46214 php5-interbase_5.3.2-1_i386.deb
 c43c1d0ab6ec8d5736ef4c0a6f183f68f1f842c07f63d04e12c654c6f68f1872 53736 php5-intl_5.3.2-1_i386.deb
 2f4352b421d6ec8b6b3efeb57006a91332c7788c8328eeec3cb322dfeb26783b 17480 php5-ldap_5.3.2-1_i386.deb
 37364c76c8256dc7b8eadc20de43e54a1ca2894352edbc7d6babd0e792958967 11578 php5-mcrypt_5.3.2-1_i386.deb
 bf3ce127ddb1a2fabdfaf27fc7bd46b798a998142cd05158c5e599a8bbd00c06 64142 php5-mysql_5.3.2-1_i386.deb
 0bd9fc9c4a26bc940aecf9bb1fea8e74cb123c976c892037c3a1b5e819d0046d 31272 php5-odbc_5.3.2-1_i386.deb
 4229e7701abb3c059339a2823cd98bdcdc34b6f0e69c88cc1db2293367495524 52092 php5-pgsql_5.3.2-1_i386.deb
 71832dfbe9e539f6296b162b49e24e243dcbab2ec85d93249a171cf411e3ead7 7232 php5-pspell_5.3.2-1_i386.deb
 ba20f6f9156a37e45677fc42c7119b3239eb47ab0160a23ad1cc488018e65389 4114 php5-recode_5.3.2-1_i386.deb
 6b06cb4614e4ed8e5b2833a8b052cdbd61a71594dd7e9931b4dedf2fa2b64e88 10238 php5-snmp_5.3.2-1_i386.deb
 7269d3c4fd345b3344347faaf970934c0676237fbd5916f25e5d09969e6e8098 47648 php5-sqlite_5.3.2-1_i386.deb
 6cb9ea3d30d3e0f0432fffeb4a6a12ce5f18d2c1cecec79cf3cd07a10bdb48de 23590 php5-sybase_5.3.2-1_i386.deb
 c17eb95f5839dcda17782b219955b4b77c26345b39add4dc345c9e799af3406b 16326 php5-tidy_5.3.2-1_i386.deb
 c1da895fb9a69086266ceb06ba2b89b87ab59ddff92b569e76ab9590317af57a 31912 php5-xmlrpc_5.3.2-1_i386.deb
 072b31737de147ea6e292545534d1a7709c27719c6fe700918b512d2121a92ba 12300 php5-xsl_5.3.2-1_i386.deb
Files: 
 82310921a47b2834402d5d4599fc7cac 2692 php optional php5_5.3.2-1.dsc
 4480d7c6d6b4a86de7b8ec8f0c2d1871 13734462 php optional php5_5.3.2.orig.tar.gz
 850863a5d82b1e1b13d94e8e448de0f8 181135 php optional php5_5.3.2-1.diff.gz
 1c393146edf121bcaddce0974e508553 1072 php optional php5_5.3.2-1_all.deb
 7820bc2418453a774b0d68dbe85b1109 361792 php optional php-pear_5.3.2-1_all.deb
 889cc7567a848b3d0d9ddee48edb4997 519906 php optional php5-common_5.3.2-1_i386.deb
 df57f07b4fac377dd155f3d9633d8f19 2768262 httpd optional libapache2-mod-php5_5.3.2-1_i386.deb
 cb78495f1c51a95f642b29508b5b5697 2767004 httpd optional libapache2-mod-php5filter_5.3.2-1_i386.deb
 b5b9153ea2cac2957dca8b225d97872a 5481816 php optional php5-cgi_5.3.2-1_i386.deb
 492875d4b2ffbc315a08f9b00b2b3b2b 2741034 php optional php5-cli_5.3.2-1_i386.deb
 ebcc79351575c72140e41be1b1f4b5ed 398722 php optional php5-dev_5.3.2-1_i386.deb
 f58d9750be933f317dc64c8b8193457c 10358172 debug extra php5-dbg_5.3.2-1_i386.deb
 f6f9f8747f033991e96748f6bbe33dd7 25556 php optional php5-curl_5.3.2-1_i386.deb
 703982bfe13026fe5b60e0e34f9a9eff 7422 php optional php5-enchant_5.3.2-1_i386.deb
 044cffe0ecfa9ad4dd52047dba2a9e04 34696 php optional php5-gd_5.3.2-1_i386.deb
 6b6857c4a44d2512b33520a0819c0369 14192 php optional php5-gmp_5.3.2-1_i386.deb
 17d9aa8d84605722ac06f4534a58888e 31756 php optional php5-imap_5.3.2-1_i386.deb
 c463106d79727f7e99f1c7ff8e322145 46214 php optional php5-interbase_5.3.2-1_i386.deb
 22ffc04fcdf6b078db84a787fb306462 53736 php optional php5-intl_5.3.2-1_i386.deb
 ef2f19b81a1009d831af88adccf06745 17480 php optional php5-ldap_5.3.2-1_i386.deb
 3e2852163a6349a82550e82e69b2da42 11578 php optional php5-mcrypt_5.3.2-1_i386.deb
 1897068be047c9194aa6e9800ceb343d 64142 php optional php5-mysql_5.3.2-1_i386.deb
 efd78c32bac52e0eccd6fda42ee50255 31272 php optional php5-odbc_5.3.2-1_i386.deb
 d9a772666ff48b22628735fd399e54a8 52092 php optional php5-pgsql_5.3.2-1_i386.deb
 eaa77015850f32451670eca4fc65a276 7232 php optional php5-pspell_5.3.2-1_i386.deb
 19e5994bf6b86295ed5d3039856d442b 4114 php optional php5-recode_5.3.2-1_i386.deb
 5ac5eaed0675efba703d86f23124da6c 10238 php optional php5-snmp_5.3.2-1_i386.deb
 b4cda4e11dedff609b249933486b41b6 47648 php optional php5-sqlite_5.3.2-1_i386.deb
 0ce3261673974db9ded93f0e291f0028 23590 php optional php5-sybase_5.3.2-1_i386.deb
 9fdc981a98d85edb186db3f74064afef 16326 php optional php5-tidy_5.3.2-1_i386.deb
 96170e17f1a938027665af17c8958d6d 31912 php optional php5-xmlrpc_5.3.2-1_i386.deb
 368e82e6e521d6fbc42479742696d837 12300 php optional php5-xsl_5.3.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkucHYQACgkQYy49rUbZzlrC1QCeI+kocWtJIAzCVjck43ATekO6
YYcAn3G0bGEih3QkkHTslc4/ONj5ahTA
=mJ+G
-----END PGP SIGNATURE-----





Reply sent to Raphael Geissert <geissert@debian.org>:
You have taken responsibility. (Thu, 18 Mar 2010 19:54:09 GMT) Full text and rfc822 format available.

Notification sent to Auke van Slooten <auke@muze.nl>:
Bug acknowledged by developer. (Thu, 18 Mar 2010 19:54:09 GMT) Full text and rfc822 format available.

Message #35 received at 573573-close@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: 573573-close@bugs.debian.org
Subject: Bug#573573: fixed in php5 5.2.6.dfsg.1-1+lenny8
Date: Thu, 18 Mar 2010 19:52:48 +0000
Source: php5
Source-Version: 5.2.6.dfsg.1-1+lenny8

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:

libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_i386.deb
libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_i386.deb
php-pear_5.2.6.dfsg.1-1+lenny8_all.deb
  to main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny8_all.deb
php5-cgi_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-cli_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-common_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-curl_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-dbg_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-dev_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-gd_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-gmp_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-imap_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-interbase_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-ldap_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-mcrypt_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-mhash_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-mysql_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-odbc_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-pgsql_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-pspell_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-recode_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-snmp_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-sqlite_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-sybase_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-tidy_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_i386.deb
php5-xsl_5.2.6.dfsg.1-1+lenny8_i386.deb
  to main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_i386.deb
php5_5.2.6.dfsg.1-1+lenny8.diff.gz
  to main/p/php5/php5_5.2.6.dfsg.1-1+lenny8.diff.gz
php5_5.2.6.dfsg.1-1+lenny8.dsc
  to main/p/php5/php5_5.2.6.dfsg.1-1+lenny8.dsc
php5_5.2.6.dfsg.1-1+lenny8_all.deb
  to main/p/php5/php5_5.2.6.dfsg.1-1+lenny8_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 573573@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert <geissert@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 14 Mar 2010 01:05:03 -0600
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-imap php5-interbase php5-ldap php5-mcrypt php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source i386 all
Version: 5.2.6.dfsg.1-1+lenny8
Distribution: stable-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geissert@debian.org>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 573573
Changes: 
 php5 (5.2.6.dfsg.1-1+lenny8) stable-security; urgency=high
 .
   * Fix CVE-2010-0397: null pointer dereference when processing invalid
     XML-RPC requests (Closes: #573573)
Checksums-Sha1: 
 8cc173d40aff944920b461efec740d87ab40400e 2529 php5_5.2.6.dfsg.1-1+lenny8.dsc
 5d1fd2dd69ea64a05a53df8b0e54340a91994eba 175880 php5_5.2.6.dfsg.1-1+lenny8.diff.gz
 7082bb2e47649461bd43dbf0bd6e8b518a382743 365490 php5-common_5.2.6.dfsg.1-1+lenny8_i386.deb
 e0ad21dc2735ea888516442dec8f8cd7804e3c34 2484236 libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_i386.deb
 aecc26641eabfbdf314e5840f01e321d3a6d824a 2482924 libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_i386.deb
 17784c6e464036e65a7d9c0422dc3d79f2f5c10e 4910920 php5-cgi_5.2.6.dfsg.1-1+lenny8_i386.deb
 86d73e6eccfd241caa6952375c13804e7aa49dee 2474770 php5-cli_5.2.6.dfsg.1-1+lenny8_i386.deb
 b408b3a46aa27094a0c5c872cb7e8414e0834aaa 365592 php5-dev_5.2.6.dfsg.1-1+lenny8_i386.deb
 f95f66e8cf14139e54acdea3c6e3b3981444bc57 8471056 php5-dbg_5.2.6.dfsg.1-1+lenny8_i386.deb
 63536f0e9046ff27c36e1d9379c845f8d7bfff29 23772 php5-curl_5.2.6.dfsg.1-1+lenny8_i386.deb
 13357c0a5f7b6f6f58201afac162ecebbe92c5e2 32390 php5-gd_5.2.6.dfsg.1-1+lenny8_i386.deb
 2b22adf181d6dc7a5160b28eadbfda121dbc84dd 14200 php5-gmp_5.2.6.dfsg.1-1+lenny8_i386.deb
 8bc9c68b8822f32a4a4545d1de50d851b11ddb9d 34602 php5-imap_5.2.6.dfsg.1-1+lenny8_i386.deb
 b2da830239b263bfc64bfff95adcaf1e8c9d5e7d 45156 php5-interbase_5.2.6.dfsg.1-1+lenny8_i386.deb
 8acf20b1a004b311e00cb99df79b7c00087d85df 18236 php5-ldap_5.2.6.dfsg.1-1+lenny8_i386.deb
 5aca58b4a86c50a4fc4e5600c98e4b8671a8600b 12920 php5-mcrypt_5.2.6.dfsg.1-1+lenny8_i386.deb
 96edece05ecac5418f3ad2aa660ae80e2c18003d 5158 php5-mhash_5.2.6.dfsg.1-1+lenny8_i386.deb
 1835b04ee8ce9cc90bf99f8107c283266719ed66 65740 php5-mysql_5.2.6.dfsg.1-1+lenny8_i386.deb
 d00d958b60ef6fc8e1dc4821197275e20aa4cdf0 33542 php5-odbc_5.2.6.dfsg.1-1+lenny8_i386.deb
 9f618da7750bdf6fa801e3a761183631369eee8e 52362 php5-pgsql_5.2.6.dfsg.1-1+lenny8_i386.deb
 2520ed660ffe8896c5b2a43c765168132d1ec7d7 8466 php5-pspell_5.2.6.dfsg.1-1+lenny8_i386.deb
 c9533ba468dc72bfdea30a8c2a68ba5229d3e930 4856 php5-recode_5.2.6.dfsg.1-1+lenny8_i386.deb
 cf0c3111ac85ece0f2c632bb34af4f0b32605e16 11592 php5-snmp_5.2.6.dfsg.1-1+lenny8_i386.deb
 f87cc9f79a99d31dc54181ff57df29419c6ccf70 34520 php5-sqlite_5.2.6.dfsg.1-1+lenny8_i386.deb
 d7c54276490a38c16d1ba6f0ff2f6a141c89a7d0 25960 php5-sybase_5.2.6.dfsg.1-1+lenny8_i386.deb
 70ab671261ab4248dcdf5614450efd249a9a8a6b 16606 php5-tidy_5.2.6.dfsg.1-1+lenny8_i386.deb
 45feecb31a18c511098d346f5af7aabb757aa626 37712 php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_i386.deb
 7a1422138820068a770a960651c09739a7d56da8 12814 php5-xsl_5.2.6.dfsg.1-1+lenny8_i386.deb
 67c7f2453d64afe201a22b1fd3b56b1103c3ddd4 1082 php5_5.2.6.dfsg.1-1+lenny8_all.deb
 1683909c7a8d9f0666c49461d763e765c73fc7ac 334494 php-pear_5.2.6.dfsg.1-1+lenny8_all.deb
Checksums-Sha256: 
 724b1f3dca02ebb31f69d19d3f582cc140a949669c56b901293ca6a3c84cf7df 2529 php5_5.2.6.dfsg.1-1+lenny8.dsc
 1b84044a075a037ded711f1fc7895afeead99a038233714dbfb9a37cff435d3f 175880 php5_5.2.6.dfsg.1-1+lenny8.diff.gz
 f21d4c65f6fbeeda1ea2f645045ecb98e9d73e9d86b15ef941ff69c885fa02bf 365490 php5-common_5.2.6.dfsg.1-1+lenny8_i386.deb
 04d808f4b228d9985eda204a24f7a516808638c60d54ae4fd71d248af70a3cc7 2484236 libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_i386.deb
 dada3f64893af0dd70a5529378c6ca92f3b2e9f0300fa3fdff7ab0d993ae6131 2482924 libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_i386.deb
 dc30b7bfb671c7b8f0f5dceccbb8fbb2e23afa6387b90211e8ea3d9eb6eac6cd 4910920 php5-cgi_5.2.6.dfsg.1-1+lenny8_i386.deb
 0dee127442d2546a8b90c6db732ae2fd044d65a764333c2b0ef286c7ba686b0d 2474770 php5-cli_5.2.6.dfsg.1-1+lenny8_i386.deb
 d113005a2f94886f3178a8648dcf02aa264b9015361be2122293375e51545190 365592 php5-dev_5.2.6.dfsg.1-1+lenny8_i386.deb
 27bb03196fe5ef7ae96be92a2f3fdcc5788e79301d3f99ca178ad648763ce7e4 8471056 php5-dbg_5.2.6.dfsg.1-1+lenny8_i386.deb
 933d412f647423b49dc24f941636c2466ed4c8f84b893b99a97162f5fbe35619 23772 php5-curl_5.2.6.dfsg.1-1+lenny8_i386.deb
 0aa97fdd3376b1b0b934c4eedfecaaa2798ebbd0f21e1fef50f565b26c4f0cad 32390 php5-gd_5.2.6.dfsg.1-1+lenny8_i386.deb
 8c3a53c747f9fb653a8b03b009ef4a487afb3a5a895077921dff816826f464d1 14200 php5-gmp_5.2.6.dfsg.1-1+lenny8_i386.deb
 e75c028948ff10886f001585cf8b9fc973bc020d9b14d8c26fe4e96add7a3a94 34602 php5-imap_5.2.6.dfsg.1-1+lenny8_i386.deb
 27f2155fda0d42139a4a909183ba4382f4ed76b31ae811242cf1962a1bee6d31 45156 php5-interbase_5.2.6.dfsg.1-1+lenny8_i386.deb
 6c0fa5a8cb8a17c23395bdbb0655cc643d7593ad502213fb003ae48ed0af544c 18236 php5-ldap_5.2.6.dfsg.1-1+lenny8_i386.deb
 01650918bcef158a92c4ef435ccdd019219e39c94f743e89379d2db8fa1bc93f 12920 php5-mcrypt_5.2.6.dfsg.1-1+lenny8_i386.deb
 83236c58af6edf25e9be988979debe0060ee65b475e91747b56feec287553c47 5158 php5-mhash_5.2.6.dfsg.1-1+lenny8_i386.deb
 839b4d59ebe14305b27777be49d93a58b033a7dd03a0eadf2343c1dd5b21a92f 65740 php5-mysql_5.2.6.dfsg.1-1+lenny8_i386.deb
 5a8dd82e83c066823cbf8c5334fedb358fa1a6a517d1c7536ceeeebb52ef7c57 33542 php5-odbc_5.2.6.dfsg.1-1+lenny8_i386.deb
 e58e33ebbf5d8a9b849ac844fb26b8d326335691ef818ec3d428ce521b405bb8 52362 php5-pgsql_5.2.6.dfsg.1-1+lenny8_i386.deb
 6f21aec471d06eb3c38c9271eabb8ea1a816e38dadf0e69bbb1757d4ccf5237c 8466 php5-pspell_5.2.6.dfsg.1-1+lenny8_i386.deb
 ce751eb3925aed40df8a5a2904f4eb29189261cfbb7b5fc569bf572254c4b9bd 4856 php5-recode_5.2.6.dfsg.1-1+lenny8_i386.deb
 cb10fee6a16e2f3ede44a80ce82e9154e2198cb51b06c36882880e71db2ce628 11592 php5-snmp_5.2.6.dfsg.1-1+lenny8_i386.deb
 bb56c634b794784895bb120bf679c01d884da5bc9b6680ee998906ec02a3e8fb 34520 php5-sqlite_5.2.6.dfsg.1-1+lenny8_i386.deb
 5bac134a4abefe2f13d011b85fd779bf56f2c83fa20beab70dbff0209b4bd16f 25960 php5-sybase_5.2.6.dfsg.1-1+lenny8_i386.deb
 7ee1275dd6e1dfe56f4a2d95c7fc39da3366684ba01c231011e8d41c3bd5983d 16606 php5-tidy_5.2.6.dfsg.1-1+lenny8_i386.deb
 f46c97700eaff6917032b1c57579e1b287b67c500e433e96e441ea73379ce328 37712 php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_i386.deb
 08408697d8dfef8bb0193a59dfb814f04e470e61d3c135fd68a2c56fd859b35d 12814 php5-xsl_5.2.6.dfsg.1-1+lenny8_i386.deb
 cc7d258e78fef574f393cea0f94a0289497813e92e3a6986dec6b8628957fd29 1082 php5_5.2.6.dfsg.1-1+lenny8_all.deb
 14903ceea6f62e2dfb532c0fb806affaceabfd289d19f12da38ffb78518787bb 334494 php-pear_5.2.6.dfsg.1-1+lenny8_all.deb
Files: 
 93b23f073a18e3b0c4c50852f8615faa 2529 web optional php5_5.2.6.dfsg.1-1+lenny8.dsc
 1343f7c30c8b765ae035073de648774a 175880 web optional php5_5.2.6.dfsg.1-1+lenny8.diff.gz
 980d5f3155ea1286c6ab1118a6a5b465 365490 web optional php5-common_5.2.6.dfsg.1-1+lenny8_i386.deb
 8844c79e0ff9cb8be5b9e74b63957dcb 2484236 web optional libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_i386.deb
 769ec7876ccdfad04898a481b219dddd 2482924 web optional libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_i386.deb
 20ce9f264c2a26321e20ffb035f31ad7 4910920 web optional php5-cgi_5.2.6.dfsg.1-1+lenny8_i386.deb
 63592fba758feff47c804560fe0120af 2474770 web optional php5-cli_5.2.6.dfsg.1-1+lenny8_i386.deb
 0f1a700174882f23cc040193cdc3bcbb 365592 devel optional php5-dev_5.2.6.dfsg.1-1+lenny8_i386.deb
 9a916fdabfdf20cb4df7ee7ff681361e 8471056 devel extra php5-dbg_5.2.6.dfsg.1-1+lenny8_i386.deb
 a57b26f036079c4ba073225898e11389 23772 web optional php5-curl_5.2.6.dfsg.1-1+lenny8_i386.deb
 fb4c59c430c5391d60612aa82fe881aa 32390 web optional php5-gd_5.2.6.dfsg.1-1+lenny8_i386.deb
 6efab8f02ebb4dabff1f3059835785de 14200 web optional php5-gmp_5.2.6.dfsg.1-1+lenny8_i386.deb
 94a9e51bf07ad346c035187616855761 34602 web optional php5-imap_5.2.6.dfsg.1-1+lenny8_i386.deb
 d8a586d836bbf55d27e8267eabe65f2c 45156 web optional php5-interbase_5.2.6.dfsg.1-1+lenny8_i386.deb
 d08fed7c538b3bcd74cda88c9742fcaa 18236 web optional php5-ldap_5.2.6.dfsg.1-1+lenny8_i386.deb
 e0206349c0683df85ccae0c9e08013a2 12920 web optional php5-mcrypt_5.2.6.dfsg.1-1+lenny8_i386.deb
 b5246ea21602172fef79b3e1e417c7ab 5158 web optional php5-mhash_5.2.6.dfsg.1-1+lenny8_i386.deb
 65555f638f38bd43372d3c83fecf3327 65740 web optional php5-mysql_5.2.6.dfsg.1-1+lenny8_i386.deb
 c4d14a051e42bdeb1fe6586460acbb02 33542 web optional php5-odbc_5.2.6.dfsg.1-1+lenny8_i386.deb
 783b77922522c9d126b30758397167bc 52362 web optional php5-pgsql_5.2.6.dfsg.1-1+lenny8_i386.deb
 727ace5fb9c63bd17fec97af5638a392 8466 web optional php5-pspell_5.2.6.dfsg.1-1+lenny8_i386.deb
 a87b2ba2ca2ebc96cd252f954eace9b1 4856 web optional php5-recode_5.2.6.dfsg.1-1+lenny8_i386.deb
 fe3b92f2ef0ba4041766af72e70c7a7b 11592 web optional php5-snmp_5.2.6.dfsg.1-1+lenny8_i386.deb
 9afea0dce70f7cad4adade34064a7dc6 34520 web optional php5-sqlite_5.2.6.dfsg.1-1+lenny8_i386.deb
 e2b48ace97bffb305e7d821c0649a403 25960 web optional php5-sybase_5.2.6.dfsg.1-1+lenny8_i386.deb
 06e0d320511d251eab9def722ddf8c5d 16606 web optional php5-tidy_5.2.6.dfsg.1-1+lenny8_i386.deb
 dd7e18dba3d5ec93baf3665b6ad66ea8 37712 web optional php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_i386.deb
 6e27b28b1e590fc3a07fc44a5ff878d1 12814 web optional php5-xsl_5.2.6.dfsg.1-1+lenny8_i386.deb
 149057986a253a51989ae5f1c307c5c9 1082 web optional php5_5.2.6.dfsg.1-1+lenny8_all.deb
 612135a669d48380f2648bb8c1e30c0c 334494 web optional php-pear_5.2.6.dfsg.1-1+lenny8_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkucng8ACgkQYy49rUbZzlrvaQCgkuXoINiMpaCsdFScuhX8D6l8
NN4AnRUdmbnCm5yx7rbxxE/OLakOsmND
=9FdO
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#573573; Package php5-xmlrpc. (Fri, 19 Mar 2010 01:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 19 Mar 2010 01:00:03 GMT) Full text and rfc822 format available.

Message #40 received at 573573@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: 573573@bugs.debian.org
Cc: ,control@bugs.debian.org
Subject: [debian/debian-lenny] Fix CVE-2010-0397: null pointer dereference when processing invalid XML-RPC requests (Closes: #573573)
Date: Fri, 19 Mar 2010 00:57:29 +0000
tag 573573 pending
thanks

Date: Sat Mar 13 15:22:26 2010 -0600
Author: Raphael Geissert <geissert@debian.org>
Commit ID: 8dc2658501a6ed61fd51f4bc42b869a735bf1b6b
Commit URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=8dc2658501a6ed61fd51f4bc42b869a735bf1b6b
Patch URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff_plain;h=8dc2658501a6ed61fd51f4bc42b869a735bf1b6b

    Fix CVE-2010-0397: null pointer dereference when processing invalid XML-RPC requests (Closes: #573573)

      




Added tag(s) pending. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 19 Mar 2010 01:00:04 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 12 May 2010 07:45:13 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 07:56:04 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.