Debian Bug report logs - #726320
php5-fpm: null dereference and buffer overflow

Package: php5-fpm; Maintainer for php5-fpm is (unknown);

Reported by: William Dauchy <wdauchy@gmail.com>

Date: Mon, 14 Oct 2013 14:39:01 UTC

Severity: normal

Tags: patch

Found in version php5/5.4.4-14+deb7u5

Fixed in versions php5/5.4.4-14+deb7u7, 5.4.4-14+deb7u6

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#726320; Package php5-fpm. (Mon, 14 Oct 2013 14:39:05 GMT)


Acknowledgement sent to William Dauchy <wdauchy@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 14 Oct 2013 14:39:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: William Dauchy <wdauchy@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php5-fpm: null dereference and buffer overflow
Date: Mon, 14 Oct 2013 16:35:21 +0200
Package: php5-fpm
Version: 5.4.4-14+deb7u5
Severity: normal
Tags: patch

A possible was spotted upstream one year ago at:
fpm/fpm/fpm_events.c|435|
fpm/fpm/fpm_events.c|191|
fpm/fpm/fpm_log.c|459|

see https://bugs.php.net/63581

We should probably apply the fix before getting real issues with that.
(The fix is one year old)

see upstream fix:
http://git.php.net/?p=php-src.git;a=commit;h=f08060a48fadf079e860be73584ac87747dc59d6

Thanks,
-- 
William



Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Thu, 12 Dec 2013 21:00:29 GMT)


Notification sent to William Dauchy <wdauchy@gmail.com>:
Bug acknowledged by developer. (Thu, 12 Dec 2013 21:00:29 GMT)


Message #10 received at 726320-done@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 725868-done@bugs.debian.org, 725890-done@bugs.debian.org, 725972-done@bugs.debian.org, 726033-done@bugs.debian.org, 726037-done@bugs.debian.org, 726295-done@bugs.debian.org, 726320-done@bugs.debian.org, 726379-done@bugs.debian.org, 726627-done@bugs.debian.org, 726633-done@bugs.debian.org
Subject: fixed in php5 5.4.4-14+deb7u6
Date: Thu, 12 Dec 2013 21:57:49 +0100
Version: 5.4.4-14+deb7u6

php5 (5.4.4-14+deb7u6) stable; urgency=low

  [ William Dauchy ]
  * upstream fix: curl memory leak (Closes: #725868)
  * upstream fix: allow root to run php-fpm (Closes: #725890)
  * upstream fix: remove annoying warnings with php-fpm and user usage
    (Closes: #725972)
  * upstream fix: memoryleak in function declaration (Closes: #726033)
  * upstream fix: munmap() is called with the incorrect length
    (Closes: #726037)
  * upstream fix: segfault on zend_deactivate (Closes: #726295)
  * upstream fix: Possible null dereference (Closes: #726320)
  * upstream fix: Phar::buildFromDirectory creates corrupt archives
    (Closes: #726379)
  * upstream fix: segfault while loading extensions (Closes: #726627)
  * upstream fix: (un)serialize() leaves dangling pointers, causes crashes
    (Closes: #726633)

Marked as fixed in versions php5/5.4.4-14+deb7u7. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Thu, 12 Dec 2013 22:33:09 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 Jan 2014 07:26:50 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 03:28:11 2023; Machine Name: bembo
