[php-maint] Bug#683694: php5: CVE-2012-3450: pdo array overread/crash
henri at nerv.fi
Thu Aug 2 21:29:25 UTC 2012
Subject: CVE-2012-3450: php5 pdo array overread/crash
Tags: security, fixed-upstream
Denial of service vulnerability has been found and fixed in PHP, which might affect Debian packages too.
Original report: http://seclists.org/bugtraq/2012/Jun/60 (Discovered by 0x721427D8 via BeyondSecurity - SecuriTeam Secure Disclosure)
Upstream bug-report: https://bugs.php.net/bug.php?id=61755 with a test-case
Currently in Debian security tracker as undetermined: http://lists.alioth.debian.org/pipermail/secure-testing-commits/2012-August/021045.html
As I do not currently have time I request package maintainers to check if Debian packages are affected. I can also do proper testing and add affected versions to this bug-report after few days when I have more free time.
More information about the pkg-php-maint