Ubuntu
php5 package

  1. Bug #697181
  2. Comment #8

Comment 8 for bug 697181

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.3.2-1ubuntu4.6

---------------
php5 (5.3.2-1ubuntu4.6) lucid-security; urgency=low

  * SECURITY UPDATE: open_basedir bypass
    - debian/patches/php5-CVE-2010-3436.patch: more strict checking in
      php_check_specific_open_basedir()
    - CVE-2010-3436
  * SECURITY UPDATE: NULL pointer dereference crash
    - debian/patches/php5-CVE-2010-3709.patch: check for NULL when
      getting zip comment
    - CVE-2010-3709
  * SECURITY UPDATE: memory consumption denial of service
    - debian/patches/php5-CVE-2010-3710.patch: check for email address
      longer than RFC 2821 allows
    - CVE-2010-3710
  * SECURITY UPDATE: xml decode bypass
    - debian/patches/php5-CVE-2010-3870.patch: improve utf8 decoding
    - CVE-2010-3870
  * SECURITY UPDATE: integer overflow can cause an application crash
    - debian/patches/php5-CVE-2010-4409.patch: fix invalid args in
      NumberFormatter::getSymbol()
    - CVE-2010-4409
  * SECURITY UPDATE: infinite loop/denial of service when dealing with
    certain textual forms of MAX_FLOAT (LP: #697181)
    - debian/patches/php5-CVE-2010-4645.patch: treat local doubles
      as volatile to avoid x87 registers in zend_strtod()
    - CVE-2010-4645
 -- Steve Beattie <email address hidden> Fri, 07 Jan 2011 10:56:23 -0800