php5: FILTER_VALIDATE_URL will invalidate a hostname that includes '-'

BTW This bug is security and has assigned CVE: http://security-tracker.debian.org/tracker/CVE-2010-3710

That CVE is actually for a different filter bug, namely http://bugs.php.net/52929. You'll probably want to backport that fix as well, but they're separate issues.

Adam, you're right. This affects only lucid php5. And as I have suggested in 685014, it seems to be a good idea to pick the fixes from 5.3.3-6 to maverick and now it seems to be a good idea to pick them also for 5.3.2 (plus all other segfault bugs which can be found in upstream SVN).

Hi,

This is fixed in natty. Thanks for the bug report.

Regards
chuck

Removing the reference to CVE-2010-3710; that was fixed in USN 1042-1 (http://www.ubuntu.com/usn/usn-1042-1) and is a separate issue anyway.

Hi Guys, any update on this for lucid? We experience this bug in TYPO3. Thanks, Olivier

will there be progress here? This is quite an annoying issue as it affects a lot of websites and php frameworks...

I've backported the fix - just working on getting it tested now... shouldn't be too long

thanks for letting us know!

Fix is tested and backported.. waiting on change to be reviewed and approved =)

I've marked this as fix-released as it is reported to be fixed in natty. And then nominated it for Lucid.

Debdiff attached =) Hopefully this will work.

Hi. Any news on this? Can we foresee a release date yet? Many thanks!

Updated debdiff attached:

Updated debdiff attached:

FYI: I have created a ppa with the patch from Jordan here: https://launchpad.net/~olivier-dobberkau/+archive/ppa/+packages
Patch works.

Just a question. Cant find the any mention in Ubuntu Security Notice USN-1231-1 if this bug was fixed too.
Any info on that. this Bug is really annoying. thanks!

Hi. This is a kind reminder on this Bug. it is a nobrainer. please take the patch and commit it... thank you!

Dear Santa.
Please inspire the Guys in charge here to include this tiny patch in the next fix!
Thank you! ;-)

Hi Scott,

can have a look at this one please?
Looks like this is a simple fix and it could be added to the next release of php5 on lucid.

Thanks! Olivier.

Won't this be fixed for Lucid? It's pretty annoying and there's no other fix than upgrading to 12.04?

I maintain a private ppa with this fix..

https://launchpad.net/~olivier-dobberkau/+archive/php5-usn-1437-1

i try to stay uptodate with the current security patches in lucid php5.

the patch it self is a no brainer!

What is the status of this bug?

Will this ever be fixed for 10.04 LTS?

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Lets hope that the next no-brainer with patch does not gets the same treatment.
this really weakens my perception of ubuntu LTS: :-(

Yeah, hopefully. I mean, a patch exists, its no big change, and 5 years nothing. This is not what i thought that LTS is about....