Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-6039

Published: 20 November 2007

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

Notes

AuthorNote
jdstrand
arguments to functions in question should be under control of
the script author, so not security-sensitive
also shouldn't affect multi-threaded environments

Priority

Negligible

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life, was needed)
edgy Ignored
(end of life, was needed)
feisty Ignored
(end of life, was needed)
gutsy Ignored
(end of life, was needed)
hardy Ignored
(end of life, was needed)
upstream Needs triage