2016-06-18 22:52:22 |
Lukas Reschke |
bug |
|
|
added bug |
2016-06-18 22:59:34 |
Lukas Reschke |
description |
The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978) has not been backported to Trusty. It has been included with PHP 5.5.22 in February 2015.
The patch can be found at https://github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b
We'd appreciate if this patch could be backported to Trusty to prevent PHP applications from being insecure against header injections in Internet Explorer. |
The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978) has not been backported to Trusty. It has been included with PHP 5.5.22 in February 2015.
The patch can be found at https://github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b
We'd appreciate if this patch could be backported to Trusty to prevent PHP applications from being insecure against header injections in Internet Explorer. (as really no PHP application out there is really manually performing a check for this form, especially since the PHP documentation explicitly states that only one header can be sent) |
|
2016-06-18 23:01:59 |
Lukas Reschke |
description |
The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978) has not been backported to Trusty. It has been included with PHP 5.5.22 in February 2015.
The patch can be found at https://github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b
We'd appreciate if this patch could be backported to Trusty to prevent PHP applications from being insecure against header injections in Internet Explorer. (as really no PHP application out there is really manually performing a check for this form, especially since the PHP documentation explicitly states that only one header can be sent) |
The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978) has not been backported to Trusty. It has been included with PHP 5.5.22 in February 2015.
The patch can be found at https://github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b and is trivial.
We'd appreciate if this patch could be backported to Trusty to prevent PHP applications from being insecure against header injections in Internet Explorer. (as really no PHP application out there is really manually performing a check for this form, especially since the PHP documentation explicitly states that only one header can be sent) |
|
2016-06-18 23:02:47 |
Lukas Reschke |
summary |
PHP Security Bug #68978 XSS in header() with Internet Explorer has not been backported |
PHP Security Bug #68978 "XSS in header() with Internet Explorer has not been backported" |
|
2016-06-18 23:02:51 |
Lukas Reschke |
summary |
PHP Security Bug #68978 "XSS in header() with Internet Explorer has not been backported" |
PHP Security Bug #68978: "XSS in header() with Internet Explorer has not been backported" |
|
2016-06-19 14:38:08 |
Lukas Reschke |
summary |
PHP Security Bug #68978: "XSS in header() with Internet Explorer has not been backported" |
PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported |
|
2016-06-20 16:30:19 |
Lukas Reschke |
information type |
Private Security |
Public Security |
|
2016-06-20 16:47:52 |
Lukas Reschke |
cve linked |
|
2011-1398 |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Wily |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
bug task added |
|
php5 (Ubuntu Wily) |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Trusty |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
bug task added |
|
php5 (Ubuntu Trusty) |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Yakkety |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
bug task added |
|
php5 (Ubuntu Yakkety) |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Precise |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
bug task added |
|
php5 (Ubuntu Precise) |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Xenial |
|
2016-06-21 12:12:45 |
Marc Deslauriers |
bug task added |
|
php5 (Ubuntu Xenial) |
|
2016-06-21 12:12:53 |
Marc Deslauriers |
php5 (Ubuntu Wily): status |
New |
Fix Released |
|
2016-06-21 12:12:58 |
Marc Deslauriers |
php5 (Ubuntu Xenial): status |
New |
Fix Released |
|
2016-06-21 12:17:59 |
Marc Deslauriers |
bug watch added |
|
http://bugs.php.net/bug.php?id=68978 |
|
2016-06-21 12:17:59 |
Marc Deslauriers |
bug task added |
|
php |
|
2016-06-21 12:23:24 |
Marc Deslauriers |
cve linked |
|
2015-8935 |
|
2016-06-21 12:23:30 |
Marc Deslauriers |
php5 (Ubuntu Precise): status |
New |
Confirmed |
|
2016-06-21 12:23:34 |
Marc Deslauriers |
php5 (Ubuntu Trusty): status |
New |
Confirmed |
|
2016-06-21 12:23:38 |
Marc Deslauriers |
php5 (Ubuntu Yakkety): status |
New |
Fix Released |
|
2016-06-21 12:23:46 |
Marc Deslauriers |
php5 (Ubuntu Precise): importance |
Undecided |
Medium |
|
2016-06-21 12:23:49 |
Marc Deslauriers |
php5 (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
php5 (Ubuntu Precise): status |
Confirmed |
Fix Released |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2015-4116 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2015-8873 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2015-8876 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5093 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5094 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5095 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5096 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5114 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5385 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5399 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5769 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-5772 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-6288 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-6289 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-6290 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-6291 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-6294 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-6296 |
|
2016-08-02 14:57:16 |
Launchpad Janitor |
cve linked |
|
2016-6297 |
|
2016-08-02 14:57:17 |
Launchpad Janitor |
php5 (Ubuntu Trusty): status |
Confirmed |
Fix Released |
|
2016-08-02 14:57:17 |
Launchpad Janitor |
cve linked |
|
2016-5768 |
|
2016-08-02 14:57:17 |
Launchpad Janitor |
cve linked |
|
2016-5771 |
|
2016-08-02 14:57:17 |
Launchpad Janitor |
cve linked |
|
2016-5773 |
|
2016-08-02 14:57:17 |
Launchpad Janitor |
cve linked |
|
2016-6292 |
|
2016-08-02 14:57:17 |
Launchpad Janitor |
cve linked |
|
2016-6295 |
|