Bug#: 214576
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Hanno Boeck <hanno@gentoo.org>

Attachment: pecl-apc-3.0.16-CVE-2008-1488.patch (type: patch, 732 bytes), created by Jan Rieger, 2008-03-28 14:20 0000

Description:   Opened: 2008-03-24 19:06 0000
See upstream bug report. No upstream fix yet.

------- Comment #1 From Robert Buchholz 2008-03-24 19:32:08 0000 -------
cve requested via http://thread.gmane.org/gmane.comp.security.oss.general/150

------- Comment #2 From Jakub Moc (RETIRED) 2008-03-25 23:00:25 0000 -------
3.0.17 InCVS...

------- Comment #3 From Hanno Boeck 2008-03-26 00:22:01 0000 -------
archs, please stabilize

------- Comment #4 From Hanno Boeck 2008-03-26 02:11:52 0000 -------
3.0.17 unreliably causes error 500 messages on my server, so it probably needs
further investigation.

------- Comment #5 From Robert Buchholz 2008-03-26 23:14:31 0000 -------
back to [ebuild] then.

------- Comment #6 From Jan Rieger 2008-03-28 13:18:36 0000 -------
3.0.17 causes segmentation faults, see
http://pecl.php.net/bugs/bug.php?id=13511

There is a 3.0.16 ebuild available at
http://christian-seiler.de/temp/pecl-apc-3.0.16-CVE-overlay.tar.gz including a
patch for CVE-2008-1488 that doesn't cause segmentation faults for me on amd64.

------- Comment #7 From Robert Buchholz 2008-03-28 14:07:54 0000 -------
(In reply to comment #6)
> 3.0.17 causes segmentation faults, see
> http://pecl.php.net/bugs/bug.php?id=13511
> 
> There is a 3.0.16 ebuild available at
> http://christian-seiler.de/temp/pecl-apc-3.0.16-CVE-overlay.tar.gz including a
> patch for CVE-2008-1488 that doesn't cause segmentation faults for me on amd64.

Jan, can you please simply attach the patch (and any non-trivial changes to the
ebuild) on this bug? Thanks.

------- Comment #8 From Jan Rieger 2008-03-28 14:20:14 0000 -------
Created an attachment (id=147546)
pecl-apc-3.0.16-CVE-2008-1488.patch

(In reply to comment #7)
> Jan, can you please simply attach the patch (and any non-trivial changes to the
> ebuild) on this bug? Thanks.

Added pecl-apc-3.0.16-CVE-2008-1488.patch

The only addition to the ebuild is:

        epatch "${FILESDIR}"/${P}-CVE-2008-1488.patch

------- Comment #9 From Jakub Moc (RETIRED) 2008-03-28 19:23:55 0000 -------
(In reply to comment #8)
> Created an attachment (id=147546)
> pecl-apc-3.0.16-CVE-2008-1488.patch

3.0.16-r1 committed with this patch; let's give it another try...

------- Comment #10 From Markus Meier 2008-03-28 21:43:26 0000 -------
amd64/x86 stable

------- Comment #11 From Hanno Boeck 2008-03-29 13:53:35 0000 -------
Upstream has released 3.0.18 which should fix the .17-problems.

------- Comment #12 From Raúl Porcel 2008-03-30 10:47:41 0000 -------
sparc stable

------- Comment #13 From Tobias Scherbaum 2008-03-31 18:50:54 0000 -------
ppc stable

------- Comment #14 From Robert Buchholz 2008-04-03 14:46:27 0000 -------
request filed.

------- Comment #15 From Robert Buchholz 2008-04-09 09:50:28 0000 -------
GLSA 200804-07, thanks.
