Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-4635

Published: 21 June 2013

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.

Notes

AuthorNote
seth-arnold
codesearch.debian.net shows no callers of this jdtojewish php
function. Flaws in PHP itself that allow crashing the interpreter are not in
themselves security problems.

Priority

Negligible

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
upstream
Released (5.5.0)
lucid
Released (5.3.2-1ubuntu4.20)
precise
Released (5.3.10-1ubuntu3.7)
quantal
Released (5.4.6-1ubuntu1.3)
raring
Released (5.4.9-4ubuntu2.2)
Patches:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=4828f7343b3f31d914f4d4a5545865b8a19f7fb6
upstream: http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df0d6195bdce