Date: Tue, 14 Nov 2006 22:17:34 +0100
From: Marcello Barnaba <bofh@...tmedia.info>
To: bugtraq@...urityfocus.com
Subject: Re: Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability

On Tuesday 14 November 2006 17:32, Stefan Esser wrote:
>   Application: Dotdeb PHP < 5.2.0 Rev 3
>      Severity: Calling PHP scripts with special crafted URLs
>                can result in arbitrary email header injection
>          Risk: Critical
> Vendor Status: Vendor has fixed this with Dotdeb PHP 5.2.0 rev 3

As far as I can see, the package diff for php4.4.4 
http://packages.dotdeb.org/dists/stable/php4/source/php4_4.4.4-0.dotdeb.1.diff.gz
contains the vulnerable patch as well.

I was unable to find a security contact (or even A contact) on dotdeb's web 
site, nor could I find a version control system from which I could easily 
extract the security patch in order to backport it myself.

As a dotdeb user I'm a bit disappointed, but I also know that's because I 
didn't check when I chose dotdeb as my php4 backporter for sarge, so I have 
very little to complain about.

Anyway, will the maintainer provide updated php4 packages as well?

For those of you interested in upgrading today, here is a diff between the 
php4 mail patch and the new php5 mail patch: http://ca.pastebin.com/824455

-- 
pub 1024D/8D2787EF  723C 7CA3 3C19 2ACE  6E20 9CC1 9956 EB3C 8D27 87EF

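The advisory quoted above says only that a crafted URL reaches a mail header; the message does not show the mechanism. The following is an added illustration (it is not part of the original message, of Stefan Esser's advisory, or of Dotdeb's patch): a generic "script URL" header assembled from request data, first without and then with a line-break check, and a small header parser that shows what a mail transfer agent would make of each. The header name X-Script-URL, the server name, the sample URIs and the assumption that the URI is percent-decoded before it is embedded are all constructed for the example.

```python
# Added example (not code from the original post, Dotdeb or PHP): how a mail
# header built from attacker-controlled request data turns into a header
# injection vector, and the check that stops it.
from urllib.parse import unquote

# Constructed sample input. Assumption: the script-URL header is assembled
# from the request URI after percent-decoding, so %0d%0a becomes CR LF.
BENIGN_URI = "/contact.php?id=1"
MALICIOUS_URI = (
    "/contact.php?id=1%0d%0a"
    "Bcc:%20victim@example.net%0d%0a"
    "%0d%0aUnsolicited%20body"
)
SERVER_NAME = "www.example.com"  # assumed value of the server name


class HeaderInjection(ValueError):
    """Raised when a header value contains a line break or NUL."""


def build_headers_naive(request_uri: str) -> str:
    """Vulnerable pattern: the decoded URI is dropped into a header as-is.

    A CR LF inside the value ends the header line, so everything after it
    is parsed as further headers (or, after a blank line, as the body).
    """
    script_url = f"http://{SERVER_NAME}{unquote(request_uri)}"
    return (
        "From: webmaster@example.com\r\n"
        f"X-Script-URL: {script_url}\r\n"
    )


def build_headers_safe(request_uri: str) -> str:
    """Hardened pattern: refuse any header value containing CR, LF or NUL.

    Rejecting rather than stripping keeps the attempt visible and avoids
    guessing which line-ending variants the receiving MTA will honour.
    """
    script_url = f"http://{SERVER_NAME}{unquote(request_uri)}"
    if any(ch in script_url for ch in "\r\n\0"):
        raise HeaderInjection(f"line break in header value: {script_url!r}")
    return (
        "From: webmaster@example.com\r\n"
        f"X-Script-URL: {script_url}\r\n"
    )


def rejects(request_uri: str) -> bool:
    """True if the hardened builder refuses this request URI."""
    try:
        build_headers_safe(request_uri)
    except HeaderInjection:
        return True
    return False


def parse_headers(block: str) -> dict:
    """Parse a header block the way a lenient MTA would.

    Splits on LF (tolerating a preceding CR, since many MTAs accept bare LF),
    stops at the first empty line, and returns {name lowercased: [values]}.
    """
    headers: dict = {}
    for line in block.replace("\r\n", "\n").split("\n"):
        if line == "":
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


if __name__ == "__main__":
    print("naive builder, malicious URI:",
          parse_headers(build_headers_naive(MALICIOUS_URI)))
    print("safe builder, benign URI:",
          parse_headers(build_headers_safe(BENIGN_URI)))
    print("safe builder rejects malicious URI:", rejects(MALICIOUS_URI))
```

With the naive builder the parsed result carries a Bcc header the script never wrote, plus a body after the blank line; the hardened builder raises on the same input and passes the benign URI through unchanged. The same check belongs on every value that reaches a header, including PATH_INFO, Host and anything taken from a form field, not only the request URI.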
