Ubuntu
php5 package

php5 5.2.4 and lower vulnerable to several CVEs

Bug #228095 reported by Mathias Menzer
254
Affects Status Importance Assigned to Milestone
php5 (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Fix Released
Undecided
Unassigned
Feisty
Fix Released
Undecided
Unassigned
Gutsy
Fix Released
Undecided
Unassigned
Hardy
Fix Released
Undecided
Jamie Strandboge

Bug Description

Binary package hint: php5

Please provide php5.2.5 for Versions older that Intrepid Ibex.

In php 5.2.5, several Security Issues have been fixed:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5900

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

CVE-2007-5898 fixed in dapper, edgy, feisty, gutsy, but still needed on hardy

Changed in php5:
status: New → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

5.2.5-3ubuntu1 is now in Intrepid.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

http://www.ubuntu.com/usn/usn-549-1

Changed in php5:
status: New → Invalid
status: New → Fix Released
status: Invalid → Fix Released
status: New → Fix Released
assignee: nobody → jdstrand
status: New → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

http://www.ubuntu.com/usn/usn-628-1

Changed in php5:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.