
Bug 266125 (CVE-2009-1271)

Summary: <dev-lang/php-5.2.8-r2: multiple vulnerabilities (CVE-2009-1271 and others)
Product: Gentoo Security
Reporter: Christian Hoffmann (RETIRED) <hoffie>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: php-bugs
Priority: High
Version: unspecified
Hardware: All
OS: All
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Christian Hoffmann (RETIRED) gentoo-dev 2009-04-14 16:41:54 UTC
Looks like I've failed and have never filed a bug for the security-relevant fixes which have been introduced in php-5.2.8-r2.
So here we go:

#1 015_json_decode-crash.patch (CVE-2009-1271)
   Further references: [1] [2]
   Impact: Local DoS (persistent php setups)
#2 016_extract-crash.patch (crash in PHP's explode() function)
   Further references: [3] [4] [5]
   Impact: Local DoS (persistent php setups)

Those have been fixed since 5.2.8-r2, which is already stable on all arches. So nothing to do here, just archiving purposes.

Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-04 06:53:04 UTC
We already have a request for bug 249875 in, so YES.

Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-05 21:13:52 UTC
GLSA 201001-03.

Thank you everyone, sorry about the delay.