← Back to team overview

group.of.nepali.translators team mailing list archive

  1. group.of.nepali.translators team
  2. Mailing list archive
  3. Message #05099

[Bug 1594041] Re: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported

  Thread PreviousDate PreviousThread Next 
** Also affects: php5 (Ubuntu Wily)
   Importance: Undecided
       Status: New

** Also affects: php5 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: php5 (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: php5 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: php5 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: php5 (Ubuntu Wily)
       Status: New => Fix Released

** Changed in: php5 (Ubuntu Xenial)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1594041

Title:
  PHP Security Bug #68978: "XSS in header() with Internet Explorer" has
  not been backported

Status in php:
  Unknown
Status in php5 package in Ubuntu:
  New
Status in php5 source package in Precise:
  New
Status in php5 source package in Trusty:
  New
Status in php5 source package in Wily:
  Fix Released
Status in php5 source package in Xenial:
  Fix Released
Status in php5 source package in Yakkety:
  New

Bug description:
  The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978)
  has not been backported to Trusty. It has been included with PHP
  5.5.22 in February 2015.

  The patch can be found at https://github.com/php/php-
  src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b and is trivial.

  We'd appreciate if this patch could be backported to Trusty to prevent
  PHP applications from being insecure against header injections in
  Internet Explorer. (as really no PHP application out there is really
  manually performing a check for this form, especially since the PHP
  documentation explicitly states that only one header can be sent)

To manage notifications about this bug go to:
https://bugs.launchpad.net/php/+bug/1594041/+subscriptions
  Thread PreviousDate PreviousThread Next