Bug 266125 (CVE-2009-1271) - <dev-lang/php-5.2.8-r2: multiple vulnerabilities (CVE-2009-1271 and others)
Summary: <dev-lang/php-5.2.8-r2: multiple vulnerabilities (CVE-2009-1271 and others)
Alias: CVE-2009-1271
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2009-04-14 16:41 UTC by Christian Hoffmann (RETIRED)
Modified: 2010-01-05 21:13 UTC


Description Christian Hoffmann (RETIRED) gentoo-dev 2009-04-14 16:41:54 UTC
Looks like I've failed and have never filed a bug for the security-relevant fixes which have been introduced in php-5.2.8-r2.
So here we go:

#1 015_json_decode-crash.patch (CVE-2009-1271)
   Further references: [1] [2]
   Impact: Local DoS (persistent php setups)
#2 016_extract-crash.patch (crash in PHP's explode() function)
   Further references: [3] [4] [5]
   Impact: Local DoS (persistent php setups)

Those have been fixed since 5.2.8-r2, which is already stable on all arches. So nothing to do here, just archiving purposes.

Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-04 06:53:04 UTC
We already have a request for bug 249875 in, so YES.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-05 21:13:52 UTC
GLSA 201001-03.

Thank you everyone, sorry about the delay.