/[advisories]/10456.adv
ViewVC logotype

Contents of /10456.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 208 - (show annotations) (download)
Tue Jul 16 18:14:40 2013 UTC (10 years, 8 months ago) by claire
File size: 922 byte(s)
Add CVE-2013-4635 to 3 php mgasa-2013-0172 mga#10456
1 type: security
2 subject: Updated php packages fix security vulnerabilies
3 CVE:
4 - CVE-2013-2110
5 - CVE-2013-4635
6 src:
7 3:
8 core:
9 - php-5.4.16-1.mga3
10 - php-apc-3.1.14-7.1.mga3
11 - php-gd-bundled-5.4.16-1.mga3
12 - php-timezonedb-2013.3-1.mga3
13 description: |
14 Heap based buffer overflow in quoted_printable_encode() in PHP before
15 version 5.4.16 (CVE-2013-2110).
16
17 Integer overflow in the SdnToJewish function in jewish.c in the Calendar
18 component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
19 context-dependent attackers to cause a denial of service (application hang)
20 via a large argument to the jdtojewish function. (CVE-2013-4635)
21
22 This update provides PHP version 5.4.16 which fixes this as well as
23 several other issues.
24 references:
25 - https://bugs.mageia.org/show_bug.cgi?id=10456
26 - http://www.php.net/ChangeLog-5.php
27 - http://lwn.net/Vulnerabilities/559055/
28 ID: MGASA-2013-0172

  ViewVC Help
Powered by ViewVC 1.1.30