1
Candidate: CVE-2017-8923
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8923
6
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5
7
does not prevent changes to string objects that result in a negative
8
length, which allows remote attackers to cause a denial of service
9
(application crash) or possibly have unspecified other impact by leveraging
10
a script's use of .= with a long string.
13
mdeslaur> unfixed as of 2018-06-12
15
https://bugs.php.net/bug.php?id=74577
16
https://bugs.php.net/bug.php?id=73122
22
upstream_php5: not-affected
23
precise/esm_php5: deferred (2018-06-12)
24
trusty_php5: deferred (2018-06-12)
25
vivid/ubuntu-core_php5: DNE
26
vivid/stable-phone-overlay_php5: DNE
35
upstream_php7.0: needed
36
precise/esm_php7.0: DNE
38
vivid/ubuntu-core_php7.0: DNE
39
vivid/stable-phone-overlay_php7.0: DNE
40
xenial_php7.0: deferred (2018-06-12)
41
yakkety_php7.0: ignored (reached end-of-life)
42
zesty_php7.0: ignored (reached end-of-life)
48
upstream_php7.1: needed
49
precise/esm_php7.1: DNE
51
vivid/ubuntu-core_php7.1: DNE
52
vivid/stable-phone-overlay_php7.1: DNE
56
artful_php7.1: deferred (2018-06-12)
61
upstream_php7.2: needs-triage
62
precise/esm_php7.2: DNE
66
bionic_php7.2: deferred (2018-06-12)
67
devel_php7.2: deferred (2018-06-12)