This was addressed in precise in the 5.3.10-1ubuntu1 merge, closing.
** Changed in: php5 (Ubuntu Precise)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
** Branch linked: lp:ubuntu/natty-security/php5
** Branch linked: lp:ubuntu/maverick-security/php5
** Branch linked: lp:ubuntu/lucid-security/php5
** Branch linked: lp:ubuntu/oneiric-updates/php5
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
According to this issue it is not yet released for Hardy nor Precise,
but the announcement for 5.2.4-2ubuntu5.22 says it is:
https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.22
Was that tracked somewhere else and this issue just needs to be updated?
Related question: I searched for the
Yes, this has been fixed in hardy (8.04 LTS); however, I forgot to
incorporate the bug number in the changelog entry for the hardy version.
You are correct that this issue has not been addressed in precise, yet.
As for CVE-2012-0830, there is no separate bug report; the security team
doesn't
This bug was fixed in the package php5 - 5.3.5-1ubuntu7.6
---
php5 (5.3.5-1ubuntu7.6) natty-security; urgency=low
* SECURITY UPDATE: memory allocation failure denial of service
- debian/patches/php5-CVE-2011-4153.patch: check result of
zend_strdup() and calloc() for
This bug was fixed in the package php5 - 5.3.6-13ubuntu3.5
---
php5 (5.3.6-13ubuntu3.5) oneiric-security; urgency=low
* SECURITY UPDATE: memory allocation failure denial of service
- debian/patches/php5-CVE-2011-4153.patch: check result of
zend_strdup() and calloc() for
This bug was fixed in the package php5 - 5.3.3-1ubuntu9.9
---
php5 (5.3.3-1ubuntu9.9) maverick-security; urgency=low
* SECURITY UPDATE: memory allocation failure denial of service
- debian/patches/php5-CVE-2011-4153.patch: check result of
zend_strdup() and calloc() for
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.13
---
php5 (5.3.2-1ubuntu4.13) lucid-security; urgency=low
* SECURITY UPDATE: memory allocation failure denial of service
- debian/patches/php5-CVE-2011-4153.patch: check result of
zend_strdup() and calloc() for
This should really be fixed soon. Please up vote it!
BTW, watch out, the fix caused an even worse (remote code execution)
bug:
https://bugzilla.redhat.com/show_bug.cgi?id=786686
** Bug watch added: Red Hat Bugzilla #786686
https://bugzilla.redhat.com/show_bug.cgi?id=786686
--
You received
Thanks for reporting this; I am currently working on the update to fix
this and other open php issues. I'm aware of the introduced
vulnerability CVE-2012-0830 that the fix for this issue introduced (Tom
Reed's patch above includes the vulnerability). It's addressed upstream
by
Why not cherry-pick from Debian? (That way you can also check if I
haven't missed anything on your radar.)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/910296
Title:
Please backport
Initial testing shows a crash from the error message there. A version
with the error message pulled out seems to be functioning.
There may be additional code from 2.3.9 that the Ubuntu version doesn't
have and needs to support the error message.
--
You received this bug notification because you
You actually need two commits for this fix.
This one is the 5.3 branch commit for the first commit:
http://svn.php.net/viewvc?view=revisionrevision=321038
There was a fix to that commit later:
http://svn.php.net/viewvc?view=revisionrevision=321335
I've combined both of these patches into one
Also, I might bump this up a little higher than medium. This is a
verified bug with trivially reproducible DoS capability.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/910296
Title:
** Also affects: php5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Hardy)
15 matches
Mail list logo
