Candidate: CVE-2012-0807
PublicDate: 2012-01-27 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0807
Description:
 Stack-based buffer overflow in the suhosin_encrypt_single_cookie function
 in the transparent cookie-encryption feature in the Suhosin extension
 before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader
 are enabled, might allow remote attackers to execute arbitrary code via a
 long string that is used in a Set-Cookie HTTP header.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=783350
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_php-suhosin:
 upstream: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
upstream_php-suhosin: needs-triage
hardy_php-suhosin: ignored (reached end-of-life)
lucid_php-suhosin: ignored (reached end-of-life)
maverick_php-suhosin: ignored (reached end-of-life)
natty_php-suhosin: ignored (reached end-of-life)
oneiric_php-suhosin: ignored (reached end-of-life)
precise_php-suhosin: not-affected (0.9.33-1)
quantal_php-suhosin: not-affected (0.9.33-3build1)
raring_php-suhosin: DNE
saucy_php-suhosin: DNE
devel_php-suhosin: DNE