| Name | CVE-2008-3659 |
| Description | Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ... |
| Source | CVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more) |
| References | DSA-1647-1 |
| Debian/oldstable | not vulnerable. |
| Debian/stable | not vulnerable. |
| Debian/testing | not vulnerable. |
| Debian/unstable | not vulnerable. |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| php5 (PTS) | squeeze | 5.3.3-7+squeeze17 | fixed |
| squeeze (security) | 5.3.3-7+squeeze19 | fixed | |
| wheezy | 5.4.4-14+deb7u7 | fixed | |
| wheezy (security) | 5.4.4-14+deb7u8 | fixed | |
| jessie, sid | 5.5.11+dfsg-2 | fixed |
The information above is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php4 | source | (unstable) | (unfixed) | |||
| php5 | source | (unstable) | 5.2.6-4 | medium | ||
| php5 | source | etch | 5.2.0-8+etch13 | DSA-1647-1 |
php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
(From upstream's ext/standard/tests/strings/explode_bug.phpt)
could not reproduce locally
fix in pkg-php svn for both etch and sid
Home - Testing Security Team - Debian Security - Source (SVN)