Candidate: CVE-2013-1824
PublicDate: 2013-09-16 13:02:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1824
 http://www.php.net/ChangeLog-5.php#5.3.23
 http://www.php.net/ChangeLog-5.php#5.4.13
Description:
 The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote
 attackers to read arbitrary files via a SOAP WSDL file containing an XML
 external entity declaration in conjunction with an entity reference,
 related to an XML External Entity (XXE) issue in the soap_xmlParseFile and
 soap_xmlParseMemory functions.
Ubuntu-Description:
Notes:
 mdeslaur> this CVE is for an incomplete fix for CVE-2013-1643. Our
 mdeslaur> CVE-2013-1643 did in fact have the complete fix, so we were
 mdeslaur> not affected by this.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_php5:
upstream_php5: released (5.4.4-14, 5.3.23, 5.4.13)
hardy_php5: released (5.2.4-2ubuntu5.27)
lucid_php5: released (5.3.2-1ubuntu4.19)
oneiric_php5: released (5.3.6-13ubuntu3.10)
precise_php5: released (5.3.10-1ubuntu3.6)
quantal_php5: released (5.4.6-1ubuntu1.2)
devel_php5: released (5.4.9-4ubuntu2)