Re: [SECURITY] [DSA 2403-2] php5 security update
Danny,
I believe this is a re-issue to cover lenny and sid/wheezy, as the original php5 advisory for this issue was lenny only.
Tomasz
On Mon, Feb 06, 2012 at 08:30:19PM +0100, Danny van der Meulen wrote:
> *sigh*
>
> And here we go once again...
>
> D
>
> On 02/06/2012 08:21 PM, Thijs Kinkhorst wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >- -------------------------------------------------------------------------
> >Debian Security Advisory DSA-2403-2 security@debian.org
> >http://www.debian.org/security/ Thijs Kinkhorst
> >February 06, 2012 http://www.debian.org/security/faq
> >- -------------------------------------------------------------------------
> >
> >Package : php5
> >Vulnerability : code injection
> >Problem type : remote
> >Debian-specific: no
> >CVE ID : CVE-2012-0830
> >
> >Stefan Esser discovered that the implementation of the max_input_vars
> >configuration variable in a recent PHP security update was flawed such
> >that it allows remote attackers to crash PHP or potentially execute
> >code.
> >
> >This update adds packages for the oldstable distribution, which were
> >missing from the original advisory. The problem has been fixed in
> >version 5.2.6.dfsg.1-1+lenny16, installed into the security archive
> >on 3 Feb 2012.
> >
> >For the stable distribution (squeeze), this problem has been fixed in
> >version 5.3.3-7+squeeze7.
> >
> >For the unstable distribution (sid), this problem has been fixed in
> >version 5.3.10-1.
> >
> >We recommend that you upgrade your php5 packages.
> >
> >Further information about Debian Security Advisories, how to apply
> >these updates to your system and frequently asked questions can be
> >found at: http://www.debian.org/security/
> >
> >Mailing list: debian-security-announce@lists.debian.org
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.4.11 (GNU/Linux)
> >
> >-----END PGP SIGNATURE-----
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/4F302A4B.90407@ebay.com
--
Tomasz M. Ciolek
*******************************************************************************
tmc at vandradlabs dot com dot au
*******************************************************************************
GPG Key ID: 0x41C4C2F0
GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4 C2F0
Key available on good key-servers
*******************************************************************************