strrchr() functions information leak

Bug #852865 reported by Greg Skafte
Affects | Status | Importance | Assigned to | Milestone
php5 (Ubuntu) | Fix Released | Undecided | Steve Beattie |
Hardy | Fix Released | Low | Steve Beattie |

Bug Description

Jamie Strandboge (jdstrand) wrote :
visibility: private → public
Changed in php5 (Ubuntu):
status: New → Confirmed
assignee: nobody → Steve Beattie (sbeattie)
Steve Beattie (sbeattie) wrote :

Thanks for reporting this issue. This issue only affects Ubuntu 8.04 LTS, despite what the securityfocus link above says. It will be addressed in a forthcoming php update.

Changed in php5 (Ubuntu):
status: Confirmed → Fix Released
Changed in php5 (Ubuntu Hardy):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
importance: Undecided → Low
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.2.4-2ubuntu5.18

---------------
php5 (5.2.4-2ubuntu5.18) hardy-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: Information leak via strchr interrupt (LP: #852865)
    - debian/patches/php5-CVE-2010-2484.patch: grab references before
      converting to string
    - CVE-2010-2484
 -- Steve Beattie <email address hidden> Fri, 14 Oct 2011 20:10:17 -0700

Changed in php5 (Ubuntu Hardy):
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
