Package: php5 Severity: minor Tags: security Hi, a CVE has been issued against your package. CVE-2007-4840[0]: PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
Please include the CVE id in the changelog if you fix this bug. This should be a minor bug since it is not really exploitable in most environments. [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp1QOGnFOK8v.pgp
Description: PGP signature
