Re: [SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities
Sébastien Le Ray wrote:
> Thijs Kinkhorst <thijs@debian.org> wrote:
>> CVE-2008-5658
>>
>> Directory traversal vulnerability in the ZipArchive::extractTo
>> function allows attackers to write arbitrary files via a ZIP file
>> with a file whose name contains .. (dot dot) sequences.
>>
>
> Hi,
Hi,
>
> It seems that there were some side effects. Since the upgrade we've had PHP
> crashes with:
> *** glibc detected *** double free or corruption (fasttop): 0x08718200 ***
>
> The crash occurs inside the extractTo function, please tell me if you
> need any additional information.
>
Could you please provide us with the zip's file listing (i.e. the output of
unzip -l)?
That would help us reproduce and fix it.
Kind regards,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
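Added example, not part of the original messages and not code from PHP or Debian: a Python check that lists the entry names stored in a ZIP, much as unzip -l does, and flags names whose .. sequences (the pattern described for CVE-2008-5658) would place a file outside the extraction directory. The function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive: two harmless names and two traversal names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("docs/../notes.txt", "stays inside once normalised")
        zf.writestr("../outside.txt", "one level above the destination")
        zf.writestr("docs/../../outside2.txt", "escapes once normalised")
    return buf.getvalue()


def escapes_destination(name: str) -> bool:
    """True if extracting `name` below a destination directory would leave it."""
    name = name.replace("\\", "/")          # treat both separators alike
    # Absolute paths and drive-letter prefixes ignore the destination entirely.
    # The drive-letter test is deliberately conservative (it also flags "a:b").
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return True
    norm = posixpath.normpath(name)         # collapses "x/../" pairs
    return norm == ".." or norm.startswith("../")


def audit_listing(data: bytes):
    """Return (stored name, size, unsafe flag) for every entry, unmodified."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, info.file_size,
                 escapes_destination(info.filename))
                for info in zf.infolist()]


def unsafe_names(data: bytes):
    """Names that should cause the archive to be rejected before extraction."""
    return [name for name, _size, bad in audit_listing(data) if bad]


if __name__ == "__main__":
    for name, size, bad in audit_listing(build_sample_zip()):
        print(f"{size:>8}  {'UNSAFE' if bad else 'ok':<6}  {name}")
```
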