Candidate: CVE-2011-3379
PublicDate: 2011-11-03 15:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3379
 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
 http://www.openwall.com/lists/oss-security/2011/09/24/2
Description:
 The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload
 function, which makes it easier for remote attackers to execute arbitrary
 code by providing a crafted URL and leveraging potentially unsafe behavior
 in certain PEAR packages and custom autoloaders.
Ubuntu-Description: 
Notes: 
 mdeslaur> looks like it's 5.3.7 and 5.3.8
Bugs: 
 https://bugs.php.net/bug.php?id=55475
 https://bugzilla.redhat.com/show_bug.cgi?id=741020
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_php5:
upstream_php5: needs-triage
hardy_php5: not-affected (5.2.4-2ubuntu5.17)
lucid_php5: not-affected (5.3.2-1ubuntu4.9)
maverick_php5: not-affected (5.3.3-1ubuntu9.5)
natty_php5: not-affected (5.3.5-1ubuntu7.2)
devel_php5: not-affected (5.3.6-13ubuntu3.1)