PublicDateAtUSN: 2011-03-19
Candidate: CVE-2011-1467
PublicDate: 2011-03-20 02:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1467
 https://ubuntu.com/security/notices/USN-1126-1
Description:
 Unspecified vulnerability in the NumberFormatter::setSymbol (aka
 numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6
 allows context-dependent attackers to cause a denial of service
 (application crash) via an invalid argument, a related issue to
 CVE-2010-4409.
Ubuntu-Description:
Notes:
 sbeattie> ext/intl had not been merged into core php yet in 5.2.x branch
Bugs:
 http://bugs.php.net/bug.php?id=53512
Priority: medium
Discovered-by: Tomas Hoger
Assigned-to: sbeattie
CVSS: 

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=306154
 upstream: http://svn.php.net/viewvc?view=revision&revision=306157
upstream_php5: released (5.3.6)
dapper_php5: not-affected
hardy_php5: not-affected
karmic_php5: not-affected
lucid_php5: released (5.3.2-1ubuntu4.8)
maverick_php5: released (5.3.3-1ubuntu9.4)
natty_php5: released (5.3.5-1ubuntu7.1)
devel_php5: not-affected (5.3.5-1ubuntu7.2)