TEMP-0000000-B391CA

NameTEMP-0000000-B391CA
Descriptionexec functions ignore length but look for NULL termination
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)wheezy5.4.45-0+deb7u2vulnerable
wheezy (security)5.4.45-0+deb7u13fixed
jessie5.6.30+dfsg-0+deb8u1fixed
jessie (security)5.6.33+dfsg-0+deb8u1fixed
php7.0 (PTS)stretch (security), stretch7.0.27-0+deb9u1fixed
buster, sid7.0.29-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)5.6.18+dfsg-1
php5sourcejessie5.6.19+dfsg-0+deb8u1
php5sourcesqueeze5.3.3.1-7+squeeze29
php5sourcewheezy5.4.45-0+deb7u7
php5.6source(unstable)5.6.18+dfsg-1
php7.0source(unstable)7.0.3-1

Notes

temporary workaround until CVE assigned to explitly tag for squeeze
https://bugs.php.net/bug.php?id=71039
https://bugzilla.redhat.com/show_bug.cgi?id=1305494
https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
Fixed in 5.6.18, 5.5.32, 7.0.3

Search for package or bug name: Reporting problems