Your message dated Fri, 03 Feb 2012 00:17:28 +0000
with message-id <e1rt6qg-0003gh...@franck.debian.org>
and subject line Bug#656308: fixed in php5 5.3.3-7+squeeze5
has caused the Debian Bug report #656308,
regarding CVE-2012-0057: XSLT file writing vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
656308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656308
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:php5
Version: 5.2.6.dfsg.1-1+lenny13
Severity: grave
Tags: security patch upstream
Justification: user security hole
Hi,
recently released php 5.3.9 includes a fix for CVE-2012-0057, which I
think affects {old,}stable. Would it be possible to prepare an update
for Lenny and Squeeze? Note that the fix disables file writing from XSLT
which is a behavior change which might be unexpected in stable.
Upstream patch is at
http://svn.php.net/viewvc/?view=revision&revision=317759
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500,
'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: php5
Source-Version: 5.3.3-7+squeeze5
We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:
libapache2-mod-php5_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/libapache2-mod-php5_5.3.3-7+squeeze5_amd64.deb
libapache2-mod-php5filter_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/libapache2-mod-php5filter_5.3.3-7+squeeze5_amd64.deb
php-pear_5.3.3-7+squeeze5_all.deb
to main/p/php5/php-pear_5.3.3-7+squeeze5_all.deb
php5-cgi_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-cgi_5.3.3-7+squeeze5_amd64.deb
php5-cli_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-cli_5.3.3-7+squeeze5_amd64.deb
php5-common_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-common_5.3.3-7+squeeze5_amd64.deb
php5-curl_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-curl_5.3.3-7+squeeze5_amd64.deb
php5-dbg_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-dbg_5.3.3-7+squeeze5_amd64.deb
php5-dev_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-dev_5.3.3-7+squeeze5_amd64.deb
php5-enchant_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-enchant_5.3.3-7+squeeze5_amd64.deb
php5-gd_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-gd_5.3.3-7+squeeze5_amd64.deb
php5-gmp_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-gmp_5.3.3-7+squeeze5_amd64.deb
php5-imap_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-imap_5.3.3-7+squeeze5_amd64.deb
php5-interbase_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-interbase_5.3.3-7+squeeze5_amd64.deb
php5-intl_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-intl_5.3.3-7+squeeze5_amd64.deb
php5-ldap_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-ldap_5.3.3-7+squeeze5_amd64.deb
php5-mcrypt_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-mcrypt_5.3.3-7+squeeze5_amd64.deb
php5-mysql_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-mysql_5.3.3-7+squeeze5_amd64.deb
php5-odbc_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-odbc_5.3.3-7+squeeze5_amd64.deb
php5-pgsql_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-pgsql_5.3.3-7+squeeze5_amd64.deb
php5-pspell_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-pspell_5.3.3-7+squeeze5_amd64.deb
php5-recode_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-recode_5.3.3-7+squeeze5_amd64.deb
php5-snmp_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-snmp_5.3.3-7+squeeze5_amd64.deb
php5-sqlite_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-sqlite_5.3.3-7+squeeze5_amd64.deb
php5-sybase_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-sybase_5.3.3-7+squeeze5_amd64.deb
php5-tidy_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-tidy_5.3.3-7+squeeze5_amd64.deb
php5-xmlrpc_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-xmlrpc_5.3.3-7+squeeze5_amd64.deb
php5-xsl_5.3.3-7+squeeze5_amd64.deb
to main/p/php5/php5-xsl_5.3.3-7+squeeze5_amd64.deb
php5_5.3.3-7+squeeze5.diff.gz
to main/p/php5/php5_5.3.3-7+squeeze5.diff.gz
php5_5.3.3-7+squeeze5.dsc
to main/p/php5/php5_5.3.3-7+squeeze5.dsc
php5_5.3.3-7+squeeze5_all.deb
to main/p/php5/php5_5.3.3-7+squeeze5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated php5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 23 Jan 2012 12:24:12 +0100
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi
php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp
php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-odbc
php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy
php5-xmlrpc php5-xsl
Architecture: source amd64 all
Version: 5.3.3-7+squeeze5
Distribution: squeeze-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-ma...@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2
module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language
(apache 2 filter mo
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-enchant - Enchant module for php5
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-imap - IMAP module for php5
php5-interbase - interbase/firebird module for php5
php5-intl - internationalisation module for php5
php5-ldap - LDAP module for php5
php5-mcrypt - MCrypt module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 637057 656308
Changes:
php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high
.
* Add Conflicts/Provides: php5-idn to php5-intl (Closes: #637057)
* Refresh patches to apply cleanly on current source tree
* CVE-2011-4566: integer overflow in exif_process_IFD_TAG() may
lead to DoS or arbitrary memory disclosure
* CVE-2011-4885: hash table collisions CPU usage DoS (oCERT-2011-003)
* CVE-2012-0057: XSLT file writing vulnerability (Closes: #656308)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk8dkOsACgkQ9OZqfMIN8nMYHQCcDqOGi8qQkkzHw4XoIA8b4jPm
I60AnjAWO0JOLSl/6QuUb2SQZzB1M4j1
=Ary2
-----END PGP SIGNATURE-----
--- End Message ---