CVE-2017-16642 (retired)

Priority
Description
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error
in the date extension's timelib_meridian handling of 'front of' and 'back
of' directives could be used by attackers able to supply date strings to
leak information from the interpreter, related to ext/date/lib/parse_date.c
out-of-bounds reads affecting the php_parse_date function. NOTE: this is a
different issue than CVE-2017-11145.
Notes
leosilvafollowing debian comments, precise is not affected.
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Patches:
Upstream:https://github.com/php/php-src/commit/a7815e63bdab95f7b9b0e32c52c81a4b6ad3a8f6
Package
Upstream:released (7.0.25)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (7.0.25-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (7.1.11)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Patches:
Upstream:https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1
More Information

Updated: 2019-10-09 07:59:31 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)