PublicDate: 2007-09-10 21:17:00 UTC
Candidate: CVE-2007-4782
References: 
 https://ubuntu.com/security/notices/USN-628-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782
Description:
 PHP before 5.2.3 allows context-dependent attackers to cause a denial of
 service (application crash) via (1) a long string in the pattern parameter
 to the glob function; or (2) a long string in the string parameter to the
 fnmatch function, accompanied by a pattern parameter value with undefined
 characteristics, as demonstrated by a "*[1]e" value.  NOTE: this might not
 be a vulnerability in most web server environments that support multiple
 threads, unless these issues can be demonstrated for code execution.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: negligible
Discovered-by:
Assigned-to: 
CVSS: 
upstream_php5: released (5.2.3)
dapper_php5: released (5.1.2-1ubuntu3.12)
edgy_php5: needed
feisty_php5: released (5.2.1-0ubuntu1.6)
gutsy_php5: released (5.2.3-1ubuntu6.4)
hardy_php5: not-affected (5.2.4-2ubuntu3)
devel_php5: not-affected (5.2.4-2ubuntu3)