CVE-2009-3292

Name: CVE-2009-3292
Description: Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...
Source: CVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more)
References: DSA-1940-1
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release              Version              Status
php5 (PTS)       squeeze              5.3.3-7+squeeze17    fixed
                 squeeze (security)   5.3.3-7+squeeze19    fixed
                 wheezy               5.4.4-14+deb7u7      fixed
                 wheezy (security)    5.4.4-14+deb7u8      fixed
                 jessie               5.5.11+dfsg-2        fixed
                 sid                  5.5.11+dfsg-3        fixed

The information above is based on the following data on fixed versions.

Package   Type     Release      Fixed Version            Urgency   Origin       Debian Bugs
php5      source   (unstable)   5.2.11.dfsg.1-1          low
php5      source   etch         5.2.0+dfsg-8+etch16                DSA-1940-1
php5      source   lenny        5.2.6.dfsg.1-1+lenny4              DSA-1940-1

Notes

Unknown impact. It is related to missing sanity checks when determining the length of sections of jpg headers, a missing limit on the nesting level of TIFF files, and missing EOF checks, possibly leading to NULL dereferences.
experimental is likely to be affected (as of 5.3.0).
