Candidate: CVE-2012-0789
PublicDate: 2012-02-14 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0789
 http://openwall.com/lists/oss-security/2012/01/20/3
Description:
 Memory leak in the timezone functionality in PHP before 5.3.9 allows remote
 attackers to cause a denial of service (memory consumption) by triggering
 many strtotime function calls, which are not properly handled by the
 php_date_parse_tzfile cache.
Ubuntu-Description:
Notes:
 sbeattie> patch is invasive and changes some interfaces, likely to
 sbeattie> introduce regressions
 mdeslaur> too intrusive to fix, marking as "ignored"
Bugs:
 https://bugs.php.net/bug.php?id=53502
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=320481
upstream_php5: released (5.3.9)
hardy_php5: ignored
lucid_php5: ignored
maverick_php5: ignored (reached end-of-life)
natty_php5: ignored
oneiric_php5: ignored
precise_php5: not-affected (5.3.10-1ubuntu1)
devel_php5: not-affected (5.3.10-1ubuntu1)