Launchpad CVE tracker

CVE 2009-3291

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Related bugs and status

CVE-2009-3291 (Candidate) is related to these bugs:

Bug #239513: [SRU] stack smashing detected when calling xmlrpc_set_type

		In	Importance	Status
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php	Unknown	Unknown
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Hardy)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Intrepid)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Jaunty)	Undecided	Fix Released

Bug #446313: [ffe] security upgrade to php 5.2.11

Summary				In	Importance	Status
	446313	[ffe] security upgrade to php 5.2.11		php5 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-3291

References