authorSean Finney <seanius@debian.org>2009-04-10 14:37:01 +0200
committerSean Finney <seanius@debian.org>2009-04-10 14:37:01 +0200
commit406aae5be358b82731769f79d9fffbbecc01d26c (patch)
tree087cecabcb725d6f5d4ce2ee0a20dc42d1d70ef9
parent203ff3706e2068bcbdd71966588eaf3a47a63acb (diff)
downloadphp-406aae5be358b82731769f79d9fffbbecc01d26c.tar.gz
Imported Debian patch 5.2.0-8+etch7debian/5.2.0-8+etch7
-rw-r--r--debian/changelog9
-rw-r--r--debian/patches/124-CVE-2007-1864.patch11
2 files changed, 20 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index d2bad8838..6821e5558 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+php5 (5.2.0-8+etch7) stable-security; urgency=low
+
+ * An addendum to the previous security NMU, the following vulnerability
+ is also fixed:
+ - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library.
+ * Thanks to Joe Orton from redhat for sharing the patch.
+
+ -- sean finney <seanius@debian.org> Mon, 02 Jul 2007 22:00:09 +0200
+
php5 (5.2.0-8+etch6) stable-security; urgency=low
* NMU prepared for the security team by the package maintainer.
diff --git a/debian/patches/124-CVE-2007-1864.patch b/debian/patches/124-CVE-2007-1864.patch
new file mode 100644
index 000000000..57a66fde9
--- /dev/null
+++ b/debian/patches/124-CVE-2007-1864.patch
@@ -0,0 +1,11 @@
+--- old/ext/xmlrpc/libxmlrpc/xml_to_soap.c 2007-06-30 14:37:52.000000000 +0200
++++ new/ext/xmlrpc/libxmlrpc/xml_to_soap.c 2007-06-30 14:38:38.000000000 +0200
+@@ -75,7 +75,7 @@
+ }
+
+ struct array_info {
+- char kids_type[30];
++ char kids_type[128];
+ unsigned long size;
+ /* ... ? */
+ };
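Review bot: Growing `kids_type` from 30 to 128 bytes in `struct array_info` only raises the length at which the overflow happens; nothing in this hunk bounds the write into the field. The code that fills `kids_type` is outside the hunk, so it cannot be confirmed here whether it limits the copy; if it copies a type string taken from the parsed document without a length check, an input of 128 bytes or more would presumably still overrun the array. The copy at that write site should be bounded by the destination size, for example `snprintf(dst->kids_type, sizeof dst->kids_type, "%s", src);` (`dst` and `src` are placeholders for the names that code uses), with over-long values rejected or truncated. A comment on the field such as `/* element type name, NUL-terminated; writers must bound to sizeof kids_type */` would record the invariant next to the declaration.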