[Bug 852865] Re: strrchr() functions information leak
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2202 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3182 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/852865 Title: strrchr() functions information leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 852865] Re: strrchr() functions information leak
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.18 --- php5 (5.2.4-2ubuntu5.18) hardy-security; urgency=low [ Angel Abad ] * SECURITY UPDATE: File path injection vulnerability in RFC1867 File upload filename (LP: #813115) - debian/patches/php5-CVE-2011-2202.patch: - CVE-2011-2202 [ Steve Beattie ] * SECURITY UPDATE: DoS due to failure to check for memory allocation errors - debian/patches/php5-CVE-2011-3182.patch: check the return values of the malloc, calloc, and realloc functions - CVE-2011-3182 * SECURITY UPDATE: Information leak via strchr interrupt (LP: #852865) - debian/patches/php5-CVE-2010-2484.patch: grab references before converting to string - CVE-2010-2484 -- Steve BeattieFri, 14 Oct 2011 20:10:17 -0700 ** Changed in: php5 (Ubuntu Hardy) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2202 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3182 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/852865 Title: strrchr() functions information leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 852865] Re: strrchr() functions information leak
** Changed in: php5 (Ubuntu) Status: Confirmed => Fix Released ** Changed in: php5 (Ubuntu Hardy) Status: New => In Progress ** Changed in: php5 (Ubuntu Hardy) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: php5 (Ubuntu Hardy) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/852865 Title: strrchr() functions information leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 852865] Re: strrchr() functions information leak
** Also affects: php5 (Ubuntu Hardy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/852865 Title: strrchr() functions information leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 852865] Re: strrchr() functions information leak
Thanks for reporting this issue. This issue only affects Ubuntu 8.04 LTS, despite what the securityfocus link above says. It will be addressed in a forthcoming php update. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/852865 Title: strrchr() functions information leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 852865] Re: strrchr() functions information leak
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-2484 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/852865 Title: strrchr() functions information leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 852865] Re: strrchr() functions information leak
http://permalink.gmane.org/gmane.comp.security.oss.general/3109 ** Visibility changed to: Public ** Changed in: php5 (Ubuntu) Status: New => Confirmed ** Changed in: php5 (Ubuntu) Assignee: (unassigned) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/852865 Title: strrchr() functions information leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852865/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs