CVE-2019-11049

Priority
Description
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying
custom headers to mail() function, due to mistake introduced in commit
78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in
lowercase, this can result in double-freeing certain memory locations.
Assigned-to
leosilva
Notes
mdeslaurthis issue is Windows-specific
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):not-affected
Ubuntu 20.04 (Focal Fossa):not-affected
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=11893c8e665d285f72c2b8a0fbe01a3fcc03b806
More Information

Updated: 2020-01-29 20:04:35 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)