Summary: | <dev-lang/php-{5.4.17,5.3.27}: "php_quot_print_encode()" Buffer Overflow Vulnerability (CVE-2013-2110) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | phajdan.jr, php-bugs |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://secunia.com/advisories/53736/ | | |
Whiteboard: | A2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 453948 | | |
Bug Blocks: | 472204 | | |

Description
Agostino Sarubbo
2013-06-07 09:35:09 UTC
Ebuilds in portage. Please go ahead with stabilisation.

Sure, why not. Arches, please stabilize =dev-lang/php-5.3.26 and =dev-lang/php-5.4.16, target arches for both: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86. Thanks!

Stable for HPPA.

Arches, please test and mark stable:
=dev-lang/php-5.3.26
=dev-lang/php-5.4.16
=app-admin/eselect-php-0.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

amd64 stable

x86 stable

(In reply to Agostino Sarubbo from comment #4)
> Arches, please test and mark stable:
> =dev-lang/php-5.3.26
> =dev-lang/php-5.4.16
> =app-admin/eselect-php-0.7.1
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Arches, please test and mark stable:
=dev-lang/php-5.3.26
=dev-lang/php-5.4.17
=app-admin/eselect-php-0.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

It fixes also bug 474656 and bug 472204

amd64 stable

x86 stable

ia64 stable

Re-adding completed 5.3.26 arches. Please test and stable =dev-lang/php-5.3.27, target arches alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86, in order to also fix bug 476570 (this seemed like the simplest way, instead of adding several more blockers).

amd64 stable

ia64 stable

x86 stable

ppc stable

(In reply to Chris Reffett from comment #11)
> Re-adding completed 5.3.26 arches. Please test and stable
> =dev-lang/php-5.3.27, target arches alpha amd64 arm hppa ia64 ppc ppc64 s390
> sh sparc x86, in order to also fix bug 476570 (this seemed like the simplest
> way, instead of adding several more blockers).

I don't see that version in tree

ppc64 stable

alpha stable

arm stable

sh stable

sparc stable

*** Bug 470284 has been marked as a duplicate of this bug. ***

Stable for HPPA.

s390 stable

Thank you, GLSA request filed.

CVE-2013-2110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110):
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.

This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).