[Secure-testing-commits] r29399 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Oct 14 14:40:19 UTC 2014
Author: hertzog
Date: 2014-10-14 14:40:19 +0000 (Tue, 14 Oct 2014)
New Revision: 29399
Modified:
data/CVE/list
Log:
Mark CVE-2013-7345/php5/squeeze as not-affected, but the wheezy one is affected
The verification done is this one:
$ cd ext/fileinfo
$ cat >test.c <<END
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
END
$ cat data_file.c >>test.c
$ cat >>test.c <<END
int main(int argc, char *argv[]) {
    int fd, res;
    /* dump the embedded php_magic_database array to magic.mgc */
    fd = open("magic.mgc", O_RDWR|O_CREAT, 0644);
    res = sizeof(php_magic_database);
    if(res != write(fd, php_magic_database, sizeof(php_magic_database))) {
        printf("Did not write everything...\n");
    };
    close(fd);
    return 0;
}
END
$ gcc -o test ./test.c
$ ./test
$ strings magic.mgc | grep "BEGIN"
[...]
If the output contains "^\s*BEGIN\s*[{]" then you are affected,
otherwise you are not. In squeeze we don't have the problematic
regex at all. In unstable, we have the fixed regex.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-14 14:40:12 UTC (rev 29398)
+++ data/CVE/list 2014-10-14 14:40:19 UTC (rev 29399)
@@ -14378,6 +14378,14 @@
NOTE: http://bugs.gw.com/view.php?id=164
NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
- php5 5.6.0+dfsg-1
+ [squeeze] - php5 <not-affected>
+ NOTE: Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding
+ NOTE: magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN"
+ NOTE: returns "^\s*BEGIN\s*[{]". Same test in squeeze does not
+ NOTE: report the problematic string.
+ NOTE: Good fix is to regenerate the file with "php5
+ NOTE: create_data_file.php /usr/share/file/magic.mgc > data_info.c" once
+ NOTE: you have a fixed libmagic1 installed.
CVE-2014-5795
REJECTED
CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple ...)
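Review bot: the added NOTE lines name the generated source as data_info.c (in "out of ext/fileinfo/data_info.c" and again in "create_data_file.php /usr/share/file/magic.mgc > data_info.c"), while the verification steps in the log message append data_file.c to test.c. One of the two spellings is a typo; the NOTE should use the same file name the logged test compiled, so that someone following the regeneration command ends up with the file the test used. The [squeeze] <not-affected> line also carries no parenthesised reason on the entry itself. Since the NOTE already states that the problematic string is absent in squeeze, a short reason on that line would let the status be read without the notes.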