1
Candidate: CVE-2009-1272
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1272
6
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before
7
5.2.9 allows context-dependent attackers to cause a denial of service
8
(crash) via a ZIP file that contains filenames with relative paths, which
9
is not properly handled during extraction.
12
mdeslaur> this is caused by an incomplete fix for CVE-2008-5658.
13
mdeslaur> our patch was complete, so we're not affected
20
upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.48&r2=1.1.2.49
21
upstream_php5: released (5.2.9)
22
dapper_php5: not-affected
23
gutsy_php5: not-affected
24
hardy_php5: not-affected
25
intrepid_php5: not-affected
26
devel_php5: not-affected