[php-maint] Bug#683694: php5: CVE-2012-3450: pdo array overread/crash

Henri Salo henri at nerv.fi
Thu Aug 2 21:29:25 UTC 2012


Subject: CVE-2012-3450: php5 pdo array overread/crash
Package: php5
Severity: important
Tags: security, fixed-upstream

A denial of service vulnerability has been found and fixed in PHP, which might affect Debian packages too.

Original report: http://seclists.org/bugtraq/2012/Jun/60 (Discovered by 0x721427D8 via BeyondSecurity - SecuriTeam Secure Disclosure)
Upstream bug-report: https://bugs.php.net/bug.php?id=61755 with a test-case
Patch: https://bugs.php.net/patch-display.php?bug_id=61755&patch=bug61755.diff&revision=latest
Currently in Debian security tracker as undetermined: http://lists.alioth.debian.org/pipermail/secure-testing-commits/2012-August/021045.html

As I do not currently have time, I request package maintainers to check if Debian packages are affected. I can also do proper testing and add affected versions to this bug report after a few days when I have more free time.

Best regards,
Henri Salo


