This bug was fixed in the package php5 - 5.2.4-2ubuntu5.18
---------------
php5 (5.2.4-2ubuntu5.18) hardy-security; urgency=low
[ Angel Abad ]
* SECURITY UPDATE: File path injection vulnerability in RFC1867 File
upload filename (LP: #813115)
- debian/patches/php5-CVE-2011-2202.patch:
- CVE-2011-2202
[ Steve Beattie ]
* SECURITY UPDATE: DoS due to failure to check for memory allocation errors
- debian/patches/php5-CVE-2011-3182.patch: check the return values
of the malloc, calloc, and realloc functions
- CVE-2011-3182
* SECURITY UPDATE: Information leak via strchr interrupt (LP: #852865)
- debian/patches/php5-CVE-2010-2484.patch: grab references before
converting to string
- CVE-2010-2484
-- Steve Beattie <[email protected]> Fri, 14 Oct 2011 20:10:17 -0700
** Changed in: php5 (Ubuntu Hardy)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2202
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3182
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/852865
Title:
strrchr() functions information leak
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
