registry team mailing list archive
-
registry team
-
Mailing list archive
-
Message #32490
[Bug 697181] Re: DoS: Infinite loop processing 2.2250738585072011e-308
This bug was fixed in the package php5 - 5.3.3-1ubuntu9.2
---------------
php5 (5.3.3-1ubuntu9.2) maverick-security; urgency=low
* SECURITY UPDATE: open_basedir bypass
- debian/patches/php5-CVE-2010-3436.patch: more strict checking in
php_check_specific_open_basedir()
- CVE-2010-3436
* SECURITY UPDATE: NULL pointer dereference crash
- debian/patches/php5-CVE-2010-3709.patch: check for NULL when
getting zip comment
- CVE-2010-3709
* SECURITY UPDATE: memory consumption denial of service
- debian/patches/php5-CVE-2010-3710.patch: check for email address
longer than RFC 2821 allows
- CVE-2010-3710
* SECURITY UPDATE: xml decode bypass
- debian/patches/php5-CVE-2010-3870.patch: improve utf8 decoding
- CVE-2010-3870
* SECURITY UPDATE: memory disclosure
- debian/patches/php5-CVE-2010-4156.patch: check for excessive
length in mb_strcut()
- CVE-2010-4156
* SECURITY UPDATE: integer overflow can cause an application crash
- debian/patches/php5-CVE-2010-4409.patch: fix invalid args in
NumberFormatter::getSymbol()
- CVE-2010-4409
* SECURITY UPDATE: infinite loop/denial of service when dealing with
certain textual forms of MAX_FLOAT (LP: #697181)
- debian/patches/php5-CVE-2010-4645.patch: treat local doubles
as volatile to avoid x87 registers in zend_strtod()
- CVE-2010-4645
-- Steve Beattie <sbeattie@xxxxxxxxxx> Wed, 05 Jan 2011 22:45:19 -0800
** Changed in: php5 (Ubuntu Maverick)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3436
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3709
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3710
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3870
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4156
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4409
** Changed in: php5 (Ubuntu Lucid)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for php.
https://bugs.launchpad.net/bugs/697181
Title:
DoS: Infinite loop processing 2.2250738585072011e-308
References