group.of.nepali.translators team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

This was assigned CVE-2015-8935

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8935

** Changed in: php5 (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: php5 (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: php5 (Ubuntu Yakkety)
       Status: New => Fix Released

** Changed in: php5 (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: php5 (Ubuntu Trusty)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1594041

Title:
  PHP Security Bug #68978: "XSS in header() with Internet Explorer" has
  not been backported

Status in php:
  Unknown
Status in php5 package in Ubuntu:
  Fix Released
Status in php5 source package in Precise:
  Confirmed
Status in php5 source package in Trusty:
  Confirmed
Status in php5 source package in Wily:
  Fix Released
Status in php5 source package in Xenial:
  Fix Released
Status in php5 source package in Yakkety:
  Fix Released

Bug description:
  The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978)
  has not been backported to Trusty. It has been included with PHP
  5.5.22 in February 2015.

  The patch can be found at https://github.com/php/php-
  src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b and is trivial.

  We'd appreciate if this patch could be backported to Trusty to prevent
  PHP applications from being insecure against header injections in
  Internet Explorer. (as really no PHP application out there is really
  manually performing a check for this form, especially since the PHP
  documentation explicitly states that only one header can be sent)

To manage notifications about this bug go to:
https://bugs.launchpad.net/php/+bug/1594041/+subscriptions