Thanks for reporting this issue. It has been addressed in Ubuntu 10.10
(maverick) and newer. For Ubuntu 10.04 LTS (lucid), I'll be applying the
upstream fix for it. For Ubuntu 8.04 LTS (hardy), upstream never fixed
this issue in the php 5.2 branch, and backporting the fix is non-trivial
and thus
** Also affects: php5 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Lucid)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
** Changed in: php5 (Ubuntu)
Status: Confirmed = Fix Released
** Changed in: php5 (Ubuntu Hardy)
Status: New = Won't Fix
** Changed in: php5 (Ubuntu Hardy)
Importance: Undecided = Low
** Changed in: php5 (Ubuntu Lucid)
Status: New = In Progress
** Changed in: php5
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.10
---
php5 (5.3.2-1ubuntu4.10) lucid-security; urgency=low
[ Angel Abad ]
* SECURITY UPDATE: File path injection vulnerability in RFC1867 File
upload filename (LP: #813115)
- debian/patches/php5-CVE-2011-2202.patch:
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/852871
Title:
PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
To manage
** Changed in: php5 (Ubuntu)
Status: New = Confirmed
** Changed in: php5 (Ubuntu)
Assignee: (unassigned) = Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
