[php-maint] Bug#442247: CVE-2007-4840 multiple errors in iconv function

Nico Golde nion at debian.org
Fri Sep 14 11:49:17 UTC 2007


Package: php5
Severity: minor
Tags: security

Hi,
a CVE has been issued against your package.
CVE-2007-4840[0]:
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of
service (application crash) via (1) a long string in the out_charset parameter
to the iconv function; or a long string in the charset parameter to the (2)
iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function.
NOTE: this might not be a vulnerability in most web server environments that
support multiple threads, unless these issues can be demonstrated for code
execution.

Please include the CVE id in the changelog if you fix this bug.

This should be a minor bug since it is not really exploitable in most
environments.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.