CVE-2008-2051
Published: 5 May 2008
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.2-1ubuntu3.12)
|
feisty |
Released
(5.2.1-0ubuntu1.6)
|
|
gutsy |
Released
(5.2.3-1ubuntu6.4)
|
|
hardy |
Released
(5.2.4-2ubuntu5.3)
|
|
upstream |
Released
(5.2.6)
|
|
Patches: vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 debdiff: http://launchpadlibrarian.net/15065228/php5_5.2.4-2ubuntu5.2.debdiff vendor: http://www.debian.org/security/2008/dsa-1572 |