PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
Bug #852871 reported by
Greg Skafte
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php5 (Ubuntu) |
Fix Released
|
Undecided
|
Steve Beattie | ||
Hardy |
Won't Fix
|
Low
|
Unassigned | ||
Lucid |
Fix Released
|
Low
|
Steve Beattie |
Bug Description
PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
http://
php5 5.3.2-1ubuntu4.9
visibility: | private → public |
Changed in php5 (Ubuntu): | |
status: | New → Confirmed |
assignee: | nobody → Steve Beattie (sbeattie) |
Changed in php5 (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in php5 (Ubuntu Hardy): | |
status: | New → Won't Fix |
importance: | Undecided → Low |
Changed in php5 (Ubuntu Lucid): | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Steve Beattie (sbeattie) |
To post a comment you must log in.
Thanks for reporting this issue. It has been addressed in Ubuntu 10.10 (maverick) and newer. For Ubuntu 10.04 LTS (lucid), I'll be applying the upstream fix for it. For Ubuntu 8.04 LTS (hardy), upstream never fixed this issue in the php 5.2 branch, and backporting the fix is non-trivial and thus has a non-trivial amount of risk to it, while the issue in question is of relatively low risk; it requires a malicious php script in place on the server. Thus this will not be fixed for 8.04.