Subject: CVE-2012-3450: php5 pdo array overread/crash
Package: php5
Severity: important
Tags: security, fixed-upstream

A denial of service vulnerability has been found and fixed in PHP, which might
affect Debian packages too.

Original report: http://seclists.org/bugtraq/2012/Jun/60 (Discovered by 
0x721427D8 via BeyondSecurity - SecuriTeam Secure Disclosure)
Upstream bug-report: https://bugs.php.net/bug.php?id=61755 with a test-case
Patch: 
https://bugs.php.net/patch-display.php?bug_id=61755&patch=bug61755.diff&revision=latest
Currently in Debian security tracker as undetermined: 
http://lists.alioth.debian.org/pipermail/secure-testing-commits/2012-August/021045.html

As I do not currently have time, I request package maintainers to check if
Debian packages are affected. I can also do proper testing and add affected
versions to this bug-report after a few days when I have more free time.

Best regards,
Henri Salo

