PublicDateAtUSN: 2011-02-18
Candidate: CVE-2011-0420
PublicDate: 2011-02-19 01:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0420
 https://ubuntu.com/security/notices/USN-1126-1
Description:
 The grapheme_extract function in the Internationalization extension (Intl)
 for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial
 of service (crash) via an invalid size argument, which triggers a NULL
 pointer dereference.
Ubuntu-Description:
Notes:
 mdeslaur> ICU support introduced in 5.3.0, so <lucid is not affected.
Bugs:
Priority: medium
Discovered-by: Maksymilian Arciemowicz
Assigned-to: sbeattie
CVSS: 

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=306449
upstream_php5: released (5.3.6RC1)
dapper_php5: not-affected (5.1.2-1ubuntu3.21)
hardy_php5: not-affected (5.2.4-2ubuntu5.14)
karmic_php5: not-affected (5.2.10.dfsg.1-2ubuntu6.7)
lucid_php5: released (5.3.2-1ubuntu4.8)
maverick_php5: released (5.3.3-1ubuntu9.4)
natty_php5: released (5.3.5-1ubuntu7.1)
devel_php5: not-affected (5.3.5-1ubuntu7.2)