PublicDate: 2008-05-05 17:20:00 UTC
Candidate: CVE-2008-2050
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050
 https://ubuntu.com/security/notices/USN-628-1
Description:
 Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before
 5.2.6 has unknown impact and attack vectors.
Ubuntu-Description:
Notes:
 jdstrand> from redhat bug: Since the FastCGI server is local trusted code
   and not under the control of an attacker
 jdstrand> Dapper not affected (code does not exist)
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050
Priority: low
Discovered-by: Andrei Nigmatulin
Assigned-to: jdstrand
CVSS: 

Patches_php5:
 debdiff: http://launchpadlibrarian.net/15065228/php5_5.2.4-2ubuntu5.2.debdiff
 vendor: http://www.debian.org/security/2008/dsa-1572
upstream_php5: released (5.2.6)
dapper_php5: not-affected
feisty_php5: released (5.2.1-0ubuntu1.6)
gutsy_php5: released (5.2.3-1ubuntu6.4)
hardy_php5: released (5.2.4-2ubuntu5.3)
devel_php5: not-affected (5.2.6-1ubuntu1)