PublicDateAtUSN: 2016-07-25
Candidate: CVE-2016-6294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294
https://usn.ubuntu.com/usn/usn-3045-1
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in
PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not
properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function,
which allows remote attackers to cause a denial of service (out-of-bounds
read) or possibly have unspecified other impact via a call with a long
https://bugs.php.net/bug.php?id=72533
upstream: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
upstream_php5: needs-triage
precise_php5: released (5.3.10-1ubuntu3.24)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.19)
vivid/ubuntu-core_php5: DNE
vivid/stable-phone-overlay_php5: DNE
wily_php5: ignored (reached end-of-life)
upstream: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
upstream_php7.0: released (7.0.9)
vivid/ubuntu-core_php7.0: DNE
vivid/stable-phone-overlay_php7.0: DNE
xenial_php7.0: released (7.0.8-0ubuntu0.16.04.2)
devel_php7.0: released (7.0.8-3ubuntu2)