This bug was fixed in the package php5 - 5.2.3-1ubuntu6.4
---------------
php5 (5.2.3-1ubuntu6.4) gutsy-security; urgency=low
* debian/patches/SECURITY_CVE-2008-2050.patch: possible stack overflow and
sending of uninitialized paddings
* debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
multibyte chars inside escapeshellcmd()
* debian/patches/SECURITY_CVE-2008-0599.patch: properly consider operator
precedence when calculating length of PATH_TRANSLATED
* debian/patches/SECURITY_CVE-2007-4850.patch: fixed a safe_mode bypass in
cURL
* Add debian/patches/SECURITY_CVE-2008-2829.patch: unsafe usage of
deprecated imap functions (patch from Debian)
* Add debian/patches/SECURITY_CVE-2008-1384.patch: integer overflow in
printf() (patch from Debian)
* Add debian/patches/SECURITY_CVE-2008-2107+2108.patch: weak random number
seed.
* Add debian/patches/SECURITY_CVE-2007-4782.patch: DoS via long string in
the fnmatch functions
* debian/patches/SECURITY_526-pcre_compile.patch: avoid stack overflow (fix
from pcre 7.6)
* Update debian/patches/207-htmlentity-utf8-fix.patch: fail on improperly
finished UTF sequence
* Add debian/patches/SECURITY_CVE-2008-2371.patch: buffer overflow.
Backported upstream patches.
* References
CVE-2008-2050
CVE-2008-2051
CVE-2008-0599
CVE-2007-4850
CVE-2008-2829
CVE-2008-1384
CVE-2008-2107
CVE-2008-2108
CVE-2007-4782
CVE-2007-5898
CVE-2008-2371
LP: #227464
-- Jamie Strandboge <[EMAIL PROTECTED]> Tue, 22 Jul 2008 16:32:16 -0400
** Changed in: php5 (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464