Package: php4
Version: 4:4.3.10-16
Severity: important
Tags: security

A vulnerability in PHP's exif code has been found that may DoS a PHP installation through crafted JPEG images that trigger an infinite recursion. Details are sparse, but Red Hat has fixed the problem:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943
This has been assigned CVE-2005-3353 and is different from the recent EXIF DoS problem wrt IFD levels, which was CVE-2005-1043, PHP bug 28451 and which was fixed upstream in 4.3.11.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages php4 depends on:
ii  libapache2-mod-php4  4:4.3.10-16  server-side, HTML-embedded scripti
ii  php4-common          4:4.3.10-16  Common files for packages built fr

php4 recommends no packages.

-- no debconf information