Launchpad.net

CVE 2016-6288

The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.

Related bugs and status

CVE-2016-6288 (Candidate) is related to these bugs:

Bug #1315888: Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist

		In	Importance	Status
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php	Unknown	Unknown
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php5 (Ubuntu Trusty)	High	Fix Released
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php5 (Ubuntu)	High	Fix Released

Bug #1594041: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported

		In	Importance	Status
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Wily)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Trusty)	Medium	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Yakkety)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Precise)	Medium	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Xenial)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-6288

Related bugs and status

Related bugs

References