PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported
Bug #1594041 reported by
Lukas Reschke
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php |
Unknown
|
Unknown
|
|||
php5 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Unassigned | ||
Wily |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Yakkety |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The PHP Security Bug #68978 (https:/
The patch can be found at https:/
We'd appreciate if this patch could be backported to Trusty to prevent PHP applications from being insecure against header injections in Internet Explorer. (as really no PHP application out there is really manually performing a check for this form, especially since the PHP documentation explicitly states that only one header can be sent)
description: | updated |
description: | updated |
summary: |
- PHP Security Bug #68978 XSS in header() with Internet Explorer has not - been backported + PHP Security Bug #68978 "XSS in header() with Internet Explorer has not + been backported" |
summary: |
- PHP Security Bug #68978 "XSS in header() with Internet Explorer has not + PHP Security Bug #68978: "XSS in header() with Internet Explorer has not been backported" |
summary: |
- PHP Security Bug #68978: "XSS in header() with Internet Explorer has not - been backported" + PHP Security Bug #68978: "XSS in header() with Internet Explorer" has + not been backported |
information type: | Private Security → Public Security |
Changed in php5 (Ubuntu Wily): | |
status: | New → Fix Released |
Changed in php5 (Ubuntu Xenial): | |
status: | New → Fix Released |
To post a comment you must log in.
Marked as public security bug and brought up to OSS-Security and asked MITRE for a CVE considering CVE-2011-1398