Subject: CVE-2012-3450: php5 pdo array overread/crash

Package: php5
Severity: important
Tags: security, fixed-upstream

A denial of service vulnerability has been found and fixed in PHP, which might affect Debian packages too.

Original report: http://seclists.org/bugtraq/2012/Jun/60 (Discovered by 0x721427D8 via BeyondSecurity - SecuriTeam Secure Disclosure)
Upstream bug-report: https://bugs.php.net/bug.php?id=61755 with a test-case
Patch: https://bugs.php.net/patch-display.php?bug_id=61755&patch=bug61755.diff&revision=latest

Currently in Debian security tracker as undetermined: http://lists.alioth.debian.org/pipermail/secure-testing-commits/2012-August/021045.html

As I do not currently have time, I request package maintainers to check if Debian packages are affected. I can also do proper testing and add affected versions to this bug-report after a few days when I have more free time.

Best regards,
Henri Salo