ports/128956: [patch] [vuxml] multiple vulnerabilities in PHP 5.2.6

Eygene Ryabinkin rea-fbsd at codelabs.ru
Tue Nov 18 06:04:34 PST 2008


Steven, CVE-supporters, good day.

Today I was submitted FreeBSD's VuXML entry for CVE-2008-3659 and it
seems to be erroneously saying "PHP 5.6".  Could you please try to
follow the discussion and say something about the entry's description
text?

Tue, Nov 18, 2008 at 01:37:13PM +0100, Jille Timmermans wrote:
> "PHP 5.2 through 5.2.6" makes the most sense.
> However, "PHP 5.1 through" or even "PHP 5 through" are also possible.

I had glanced over the PHP's CVS repository: the code in question exists
even for the PHP 5.0 branchpoint (source line 128 and below):
  http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?revision=1.88&view=markup&pathrev=PHP_5_0

My built-in history tracer tells me the following story:

1. Current code traces back to the zend_operators.h, rev 1.72,
   http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?view=log#rev1.72

2. The function was moved to ZendEngine2/zend_operators.h from
   ext/standard/php_string.h, rev 1.74,
   http://cvs.php.net/viewvc.cgi/php-src/ext/standard/php_string.h?view=log#rev1.74

3. Vulnerable code seems to be here since rev 1.40:
   http://cvs.php.net/viewvc.cgi/php-src/ext/standard/php_string.h?r1=1.39&r2=1.40&view=patch

So the issue seems to be here since some 4.0.x or even 3.x.

> I don't know much about CVE's; can we provide them feedback for this typo ?
>
> I think the best is to wait for the CVE to get fixed and fix it
> in the vuxml entry afterwards.

Yes, it will be the best thing.  So, gentlemen from the CVE maintainers
team, it seems that the entry for the CVE-2008-3659 should be fixed by
saying "PHP 5 through 5.2.6" -- the bug seems to have existed over the
whole lifetime of the 5.x branch.

> I think you also had that plan ;)

Sort of ;))

Thanks to everyone!
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #