CVE-2011-1467

Published: 19 March 2011

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian 		Upstream
Released (5.3.6)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=306154
Upstream: http://svn.php.net/viewvc?view=revision&revision=306157

Notes

AuthorNote
sbeattie 
ext/intl had not been merged into core php yet in 5.2.x branch

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading