CVE-2020-7067

Priority
Description
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below
7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode()
function can be made to access locations past the allocated memory, due to
erroneously using signed numbers as array indexes.
Notes
mdeslauronly an issue when CHARSET_EBCDIC is defined, which isn't the
case on any Ubuntu platforms.
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Package
Upstream:released (7.3.17)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Package
Upstream:released (7.4.5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):not-affected (code not present)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be
More Information

Updated: 2020-05-07 13:17:13 UTC (commit 9c52fbc2943459298ae6679cb4a2c01c5d1eed4d)