Summary: | dev-php5/pecl-zip ZipArchive::extractTo directory traversal (CVE-2008-5658) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christian Hoffmann (RETIRED) <hoffie> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | jaak, php-bugs |
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | All | |
URL: | http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.62&r2=1.63 | |
Whiteboard: | B3 [noglsa] | |
Package list: | | Runtime testing required: | --- |

Description
Christian Hoffmann (RETIRED)
2009-04-11 12:07:40 UTC
confirmed this is vulnerable to CVE-2008-5658. If you do not want to maintain unbundled zip module, then please mask and remove.

Masked and will be removed.

```
# Christian Hoffmann <hoffie@gentoo.org> (12 Apr 2009)
# Masked for security (bug 265756), unmaintained upstream (last release
# two years ago), will be removed in 30 days. Use dev-lang/php with
# USE=zip as a replacement, which is actively maintained and has more
# features.
dev-php5/pecl-zip
```

(In reply to comment #2)
> Masked and will be removed.

And was removed.

noglsa? and closing?

Sounds good.