[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-22 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.3.10-1ubuntu3.5

---
php5 (5.3.10-1ubuntu3.5) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary memory disclosure (LP: #1099793)
    - debian/patches/CVE-2012-6113.patch: properly initialize length in
      ext/openssl/openssl.c.

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-18 Thread Marc Deslauriers
** Changed in: php5 (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1099793 Title: php 5.3.10 openssl_encrypt empty data To

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-18 Thread Marc Deslauriers
** Changed in: php5 (Ubuntu Raring) Status: Confirmed => Fix Released

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-18 Thread Jamie Strandboge
** Changed in: php5 (Ubuntu) Status: Fix Released => Confirmed

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-18 Thread Marc Deslauriers
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-6113
** Also affects: php5 (Ubuntu Precise) Importance: Undecided Status: New
** Also affects: php5 (Ubuntu Quantal) Importance: Undecided Status: New
** Also affects: php5 (Ubuntu Raring) Importance: Un

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-18 Thread Robie Basak
Sorry, wrong bug.
** Bug watch added: Debian Bug tracker #698446 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698446
** Also affects: php5 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698446 Importance: Unknown Status: Unknown
** No longer affects: php5 (Debi

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-18 Thread Marc Deslauriers
CVE requested: http://www.openwall.com/lists/oss-security/2013/01/18/5

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-18 Thread Marc Deslauriers
Introduced in 5.3.9 by: http://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
Fixed in 5.3.14 by: http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-17 Thread attb2
Thanks Robie! Is there any tutorial to build a deb package on Ubuntu? (or which command did you use for packaging?) I want to build my own php5 deb package if nothing happens till the end of the week. :-)

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-15 Thread Robie Basak
If this doesn't qualify as a security issue then I think we should SRU this instead. Build log attached from my test. ** Attachment added: "php5_5.3.10-1ubuntu3.5_amd64.build" https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793/+attachment/3484104/+files/php5_5.3.10-1ubuntu3.5_amd64.bui

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-15 Thread Robie Basak
Confirmed, and I've found the fix. This is https://bugs.php.net/bug.php?id=61413 fixed in http://git.php.net/?p=php-src.git;a=commit;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e and released upstream in 5.3.14. This is due to i remaining uninitialised in the case of input data of zero size. I also

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-15 Thread attb2
I have successfully built PHP 5.4.10 (latest version from http://php.net) on 12.04. This PHP version is not affected by the bug. :-) Could anyone confirm the bug on a stock Ubuntu 12.04 system?

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-15 Thread attb2
Bad news: I am trying to compile PHP 5.3.10 on my 12.04 LTS but it doesn't work. :-(
$>apt-get source php5
$>cd php5-5.3.10
$>./configure --with-openssl
$>make
/bin/sh /tmp/php5-5.3.10/libtool --silent --preserve-dup-deps --mode=compile gcc -Iext/date/lib -Iext/date/ -I/tmp/php5-5.3.10/ext/date/ -D

[Bug 1099793] Re: php 5.3.10 openssl_encrypt empty data

2013-01-15 Thread Robie Basak
Thanks for taking the time to report this bug and helping to make Ubuntu better. It seems likely that this could be an upstream bug. I think suitable next steps are to try to reproduce with PHP built directly from upstream (not from packaging), both 5.3.10 and the latest version to see if this bug