Debian Bug report logs - #774154
php5: CVE-2014-9425: double free in Zend/zend_ts_hash.c
Reported by: Henri Salo <henri@nerv.fi>
Date: Mon, 29 Dec 2014 16:33:02 UTC
Severity: wishlist
Tags: fixed-upstream, security, upstream
Found in versions php5/5.6.4+dfsg-1, php5/5.4.4-14, php5/5.4.4-1
Fixed in version 5.6.26+dfsg-1+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://bugs.php.net/bug.php?id=68676
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#774154; Package php5.
(Mon, 29 Dec 2014 16:33:06 GMT)
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Mon, 29 Dec 2014 16:33:06 GMT)
Message #5 received at submit@bugs.debian.org:
Package: php5
Version: 5.6.4+dfsg-1
Severity: important
Tags: security, fixed-upstream
Please see https://bugs.php.net/bug.php?id=68676 for details.
--
Henri Salo
Changed Bug title to 'CVE-2014-9425: php5: double free in Zend/zend_ts_hash.c' from 'php5: double free in Zend/zend_ts_hash.c'
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org.
(Mon, 29 Dec 2014 16:48:17 GMT)
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 29 Dec 2014 18:12:16 GMT)
Changed Bug title to 'php5: CVE-2014-9425: double free in Zend/zend_ts_hash.c' from 'CVE-2014-9425: php5: double free in Zend/zend_ts_hash.c'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 29 Dec 2014 18:12:17 GMT)
Marked as found in versions php5/5.4.4-14.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 29 Dec 2014 18:18:11 GMT)
Marked as found in versions php5/5.4.4-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 29 Dec 2014 18:18:19 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#774154; Package php5.
(Mon, 29 Dec 2014 18:39:04 GMT)
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Mon, 29 Dec 2014 18:39:04 GMT)
Message #20 received at 774154@bugs.debian.org:
Hi Henri,
On Mon, Dec 29, 2014 at 06:32:05PM +0200, Henri Salo wrote:
> Package: php5
> Version: 5.6.4+dfsg-1
> Severity: important
> Tags: security, fixed-upstream
>
> Please see https://bugs.php.net/bug.php?id=68676 for details.
If I see it correctly, but please double check: the affected code is
present, but the corresponding code is only used if
--enable-maintainer-zts is passed to configure.
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#774154; Package php5.
(Tue, 30 Dec 2014 15:18:12 GMT)
Acknowledgement sent
to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Tue, 30 Dec 2014 15:18:12 GMT)
Message #25 received at 774154@bugs.debian.org:
Control: severity -1 wishlist
On Mon, Dec 29, 2014, at 19:36, Salvatore Bonaccorso wrote:
> Hi Henri,
>
> On Mon, Dec 29, 2014 at 06:32:05PM +0200, Henri Salo wrote:
> > Package: php5
> > Version: 5.6.4+dfsg-1
> > Severity: important
> > Tags: security, fixed-upstream
> >
> > Please see https://bugs.php.net/bug.php?id=68676 for details.
>
> If I see it correctly, but please double check: the affected code is
> present, but the corresponding code is only used if
> --enable-maintainer-zts is passed to configure.
I think you are correct. We don't compile PHP5 with ZTS in Debian.
Marking it as wishlist, since the bug is there, but it doesn't affect
us.
Cheers,
--
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Severity set to 'wishlist' from 'important'
Request was from Ondřej Surý <ondrej@sury.org>
to 774154-submit@bugs.debian.org.
(Tue, 30 Dec 2014 15:18:12 GMT)
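The triage above turns on whether a given build has ZTS enabled. As an added example (not part of this bug log and not Debian's or PHP's own tooling), the shell function below classifies a build from the `Thread Safety` and `Configure Command` lines of `php -i` output; the helper name `zts_status` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PHP build as ZTS or non-ZTS from `php -i` text.
# zts_status (hypothetical helper name) reads that text on stdin and prints:
#   zts      thread safety enabled (the case the thread says uses the code)
#   non-zts  thread safety disabled
#   unknown  no usable line found
zts_status() {
    awk '
        /^Thread Safety => enabled/  { ts = "zts" }
        /^Thread Safety => disabled/ { ts = "non-zts" }
        # Fallback evidence: the configure flag named in the thread.
        /^Configure Command =>/ && /--enable-maintainer-zts/ { flag = 1 }
        END {
            if (ts != "")  print ts
            else if (flag) print "zts"
            else           print "unknown"
        }'
}

# Constructed sample: a build configured without ZTS.
sample_nts() {
cat <<'EOF'
phpinfo()
Configure Command =>  './configure'  '--prefix=/usr'
Thread Safety => disabled
EOF
}

# Constructed sample: a build configured with --enable-maintainer-zts.
sample_zts() {
cat <<'EOF'
phpinfo()
Configure Command =>  './configure'  '--prefix=/opt/php'  '--enable-maintainer-zts'
Thread Safety => enabled
EOF
}

# Optional live check: run with --live on a host that has the php CLI.
if [ "${1:-}" = "--live" ] && command -v php >/dev/null 2>&1; then
    php -i | zts_status
fi
```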
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Fri, 13 Jan 2017 13:06:54 GMT)
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Fri, 13 Jan 2017 13:06:54 GMT)
Message #34 received at 774154-done@bugs.debian.org:
Version: 5.6.26+dfsg-1+rm
Dear submitter,
as the package php5 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/841781
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 11 Feb 2017 07:33:14 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Sun Jul 2 00:44:26 2023