CVE-2008-3658,2008-3659,2008-3660
Bug #286851 reported by SwissSign Operations Team
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Debian | Fix Released | Unknown | |
php5 (Ubuntu) | Fix Released | Undecided | Unassigned |
Hardy | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: php5
DSA-1647-1 has three fixes for the above CVEs (Debian Bugs 499987, 499988, 499989):
CVE-2008-3658
Buffer overflow in the imageloadfont function allows a denial
of service or code execution through a crafted font file.
CVE-2008-3659
Buffer overflow in the memnstr function allows a denial of
service or code execution via a crafted delimiter parameter
to the explode function.
CVE-2008-3660
Denial of service is possible in the FastCGI module by a
remote attacker by making a request with multiple dots
before the extension.
Will this be backported into dapper? It's still under LTS, isn't it?
krgds /markus
Changed in php5: status: New → Confirmed
Changed in debian: status: Unknown → Fix Released
These CVEs aren't fixed for hardy (and probably gutsy) either. Is there an update planned, or are the Ubuntu packages not affected?