CVE-2010-1860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860): The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.
CVE-2010-1861 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861): The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource. CVE-2010-1862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862): The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. CVE-2010-1864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864): The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. CVE-2010-1866 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866): The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. CVE-2010-1868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868): The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory. CVE-2010-1914 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914): The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function. CVE-2010-1915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915): The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. CVE-2010-1917 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917): Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string. CVE-2010-2093 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093): Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. CVE-2010-2094 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094): Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. CVE-2010-2097 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097): The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. CVE-2010-2100 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100): The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. CVE-2010-2101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101): The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. CVE-2010-2190 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190): The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature. CVE-2010-2191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191): The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature. CVE-2010-2225 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225): Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
php: can we go stable with 5.2.14?
*** Bug 329547 has been marked as a duplicate of this bug. ***
*** Bug 329545 has been marked as a duplicate of this bug. ***
Yes. Good on my end. I couldn't test ALL USE combinations, but the most obvious ones are fine here.
Arches, please test and mark stable: =dev-lang/php-5.2.14 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 done
x86 stable
(In reply to comment #8) > x86 stable > I am getting an error while compiling. Will try to reproduce and open a new bugreport.
(In reply to comment #9) > (In reply to comment #8) > > x86 stable > > > > I am getting an error while compiling. Will try to reproduce and open a new > bugreport. > See: Bug 332195
Marked ppc/ppc64 stable, but just 5.2.14, we don't have 5.3.x marked stable yet.
alpha/arm/ia64/s390/sh/sparc stable
Stable for HPPA.
*** Bug 335889 has been marked as a duplicate of this bug. ***
CVE-2010-2484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484): The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. CVE-2010-2531 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531): The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
From what I see whiteboard should go to glsa status. Anyone actually writing this?
(In reply to comment #16) > From what I see whiteboard should go to glsa status. Anyone actually writing > this? > Agreed. Moved to [glsa] and added to existing GLSA request.
CVE-2010-3062 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062): mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
CVE-2010-3063 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063): The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
CVE-2010-3064 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064): Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
CVE-2010-3710 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710): Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. CVE-2010-3709 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709): The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
CVE-2010-3065 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065): The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
CVE-2011-2483 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483): crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Last comment was wrong.
CVE-2010-2484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484): The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.
This issue was resolved and addressed in GLSA 201110-06 at http://security.gentoo.org/glsa/glsa-201110-06.xml by GLSA coordinator Tobias Heinlein (keytoaster).
