This bug was fixed in the package php5 - 5.3.10-1ubuntu3.5
---
php5 (5.3.10-1ubuntu3.5) precise-security; urgency=low
* SECURITY UPDATE: arbitrary memory disclosure (LP: #1099793)
- debian/patches/CVE-2012-6113.patch: properly initialize length in
ext/openssl/openssl.c.
Introduced in 5.3.9 by:
http://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
Fixed in 5.3.14 by:
http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
--
You received this bug notification because you are a member of
CVE requested:
http://www.openwall.com/lists/oss-security/2013/01/18/5
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1099793
Title:
php 5.3.10 openssl_encrypt empty data
To manage
Sorry, wrong bug.
** Bug watch added: Debian Bug tracker #698446
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698446
** Also affects: php5 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698446
Importance: Unknown
Status: Unknown
** No longer affects: php5
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-6113
** Also affects: php5 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Quantal)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Raring)
Importance:
** Changed in: php5 (Ubuntu)
Status: Fix Released => Confirmed
--
** Changed in: php5 (Ubuntu Raring)
Status: Confirmed => Fix Released
--
** Changed in: php5 (Ubuntu Precise)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
Thanks Robie!
Is there any tutorial to build a deb package on Ubuntu? (or which command have
you used for packaging?)
I want to build my own php5 deb package if nothing happens till the end of
week. :-)
--
Bad news: I am trying to compile PHP 5.3.10 on my 12.04 LTS but it doesn't work.
:-(
$ apt-get source php5
$ cd php5-5.3.10
$ ./configure --with-openssl
$ make
/bin/sh /tmp/php5-5.3.10/libtool --silent --preserve-dup-deps --mode=compile
gcc -Iext/date/lib -Iext/date/ -I/tmp/php5-5.3.10/ext/date/
I have successfully built PHP 5.4.10 (latest version from http://php.net) on
12.04. This PHP version is not affected by the bug. :-)
Could anyone confirm the bug on stock ubuntu 12.04 system?
--
Confirmed, and I've found the fix. This is
https://bugs.php.net/bug.php?id=61413 fixed in
http://git.php.net/?p=php-src.git;a=commit;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
and released upstream in 5.3.14.
This is due to i remaining uninitialised in the case of input data of
zero size.
I
If this doesn't qualify as security issue then I think we should SRU
this instead.
Build log attached from my test.
** Attachment added: php5_5.3.10-1ubuntu3.5_amd64.build
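
The defect described in the comment above, reduced to a self-contained C model (an added example, not code from PHP or from this bug report). toy_update, toy_final and encrypt_len are hypothetical names, and the explicit `stale` parameter stands in for the uninitialised stack value so the run is deterministic. Skipping the update step for empty input is an assumption about how the length came to be left unset.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16

/* Toy update/final cipher: a hypothetical stand-in for an EVP-style API. */
struct toy_ctx { unsigned char tail[BLOCK]; int used; };

static void toy_update(struct toy_ctx *c, unsigned char *out, int *outl,
                       const unsigned char *in, int inl)
{
    int full = inl - inl % BLOCK;          /* whole blocks are emitted now */
    for (int k = 0; k < full; k++) out[k] = in[k] ^ 0x5A;
    c->used = inl - full;                  /* remainder waits for final() */
    memcpy(c->tail, in + full, (size_t)c->used);
    *outl = full;
}

static void toy_final(struct toy_ctx *c, unsigned char *out, int *outl)
{
    int pad = BLOCK - c->used;             /* PKCS#7-style padding byte */
    for (int k = 0; k < BLOCK; k++)
        out[k] = (k < c->used ? c->tail[k] : (unsigned char)pad) ^ 0x5A;
    *outl = BLOCK;
}

/* Returns the length a caller would copy out of outbuf.
 * fixed == 0: `i` keeps the stale value (the defect); fixed != 0: i = 0. */
static int encrypt_len(const unsigned char *data, int data_len,
                       unsigned char *outbuf, int stale, int fixed)
{
    struct toy_ctx c = { {0}, 0 };
    int i = fixed ? 0 : stale;
    int outlen;
    if (data_len > 0)                      /* assumed: skipped for empty input */
        toy_update(&c, outbuf, &i, data, data_len);
    outlen = i;                            /* empty input: still the stale value */
    toy_final(&c, outbuf + i, &i);
    return outlen + i;
}

int main(void)
{
    static unsigned char buf[4096 + 2 * BLOCK];
    printf("empty, unfixed: %d\n", encrypt_len((const unsigned char *)"", 0, buf, 4096, 0));
    printf("empty, fixed:   %d\n", encrypt_len((const unsigned char *)"", 0, buf, 4096, 1));
    return 0;
}
```

With empty input the unfixed path reports a length that covers buffer bytes the cipher never wrote, which is the disclosure; non-empty input is unaffected because the update step overwrites the length.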