CVE-2009-1272

NameCVE-2009-1272
DescriptionThe php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDTSA-188-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4source(unstable)(not affected)
php5sourceetch(not affected)
php5sourcelenny5.2.6.dfsg.1-1+lenny2DTSA-188-1
php5source(unstable)5.2.6.dfsg.1-3

Notes

[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
Search for package or bug name: Reporting problems