From: hoffie at gentoo dot org Operating system: Irrelevant PHP version: 5.2.6 PHP Bug Type: PCRE related Bug description: bundled version of libpcre misses security fix for CVE-2008-2371
Description: ------------ The bundled version of libpcre misses the security fix for CVE-2008-2371. See http://bugs.gentoo.org/show_bug.cgi?id=228091 for details (including a patch). http://overlays.gentoo.org/proj/php/browser/patches/php-patches/5.2.6/5.2.6/012_pcre-integer-overflow.patch -- Edit bug report at http://bugs.php.net/?id=45408&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=45408&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=45408&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=45408&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=45408&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=45408&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=45408&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=45408&r=needscript Try newer version: http://bugs.php.net/fix.php?id=45408&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=45408&r=support Expected behavior: http://bugs.php.net/fix.php?id=45408&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=45408&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=45408&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=45408&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=45408&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=45408&r=dst IIS Stability: http://bugs.php.net/fix.php?id=45408&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=45408&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=45408&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=45408&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=45408&r=mysqlcfg
