PublicDate: 2007-02-13 23:28:00 UTC
Candidate: CVE-2007-0906
References:
 https://ubuntu.com/security/notices/USN-424-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
Description:
 Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a
 denial of service and possibly execute arbitrary code via unspecified
 vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions;
 (5) stream filters; and the (6) str_replace, (7) mail, (8)
 ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user
 functions.  NOTE: vector 6 might actually be an integer overflow
 (CVE-2007-1885).  NOTE: as of 20070411, vector (3) might involve the
 imap_mail_compose function (CVE-2007-1825).
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_php5: released (5.1.2-1ubuntu3.9)
edgy_php5: released (5.1.6-1ubuntu2.6)
feisty_php5: released (5.2.1-0ubuntu1.4)
devel_php5: released (5.2.3-1ubuntu5)
upstream_php5: needs-triage