Ubuntu
php5 package

CVE-2008-5498

Bug #670887 reported by Nick White
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php5 (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

Binary package hint: php5

CVE-2008-5498 is not fixed in php5-5.2.4-2ubuntu5.12 for Hardy.

The fix in question is: http://svn.php.net/viewvc/php/php-src/trunk/ext/gd/libgd/gd.c?r1=263894&r2=270937&view=patch

It's just a one-liner.

I manually checked the source, after applying the ubuntu patches, and confirmed that the vulnerability is still present.

CVE References

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and reporting a bug. The code in question is actually not used in Ubuntu, so this is a non-issue. Please see http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-5498.html for details.

visibility: private → public
Changed in php5 (Ubuntu):
status: New → Won't Fix
Revision history for this message
Nick White (r-launchpad-njw-me-uk) wrote :

Ah, sorry, I didn't realise that. Thanks alot :-)

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.