1
PublicDateAtUSN: 2015-06-09
2
Candidate: CVE-2015-4022
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
6
http://www.openwall.com/lists/oss-security/2015/05/18/2
7
https://usn.ubuntu.com/usn/usn-2658-1
9
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before
10
5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP
11
servers to execute arbitrary code via a long reply to a LIST command,
12
leading to a heap-based buffer overflow.
16
https://bugs.php.net/bug.php?id=69545
18
Discovered-by: Max Spelsberg
22
upstream: http://git.php.net/?p=php-src.git;a=commit;h=8f4a6d6e1b6c36259a5dc865d16f0dad76f2f2c9 (bp)
23
upstream: http://git.php.net/?p=php-src.git;a=commit;h=ac2832935435556dc593784cd0087b5e576bbe4d (5.4,5.5,5.6)
24
upstream_php5: released (5.4.41,5.5.25,5.6.9)
25
precise_php5: released (5.3.10-1ubuntu3.19)
26
trusty_php5: released (5.5.9+dfsg-1ubuntu4.11)
27
utopic_php5: released (5.5.12+dfsg-2ubuntu4.6)
28
vivid_php5: released (5.6.4+dfsg-4ubuntu6.2)
29
devel_php5: released (5.6.9+dfsg-1ubuntu1)