A code injection vulnerability was found in php-gettext. Evaluating the plural form formula in ngettext family of calls can execute arbitrary code if number is passed unsanitized from the untrusted user.
Created php53-php-gettext tracking bugs for this issue:
Affects: epel-5 [bug 1367465]
Created php-php-gettext tracking bugs for this issue:
Affects: fedora-all [bug 1367463]
Affects: epel-all [bug 1367464]
php-php-gettext-attribatary code execution, conducting code execution - CVE-2018-8986 php-php-gettext:
Can you please clarify what's needed here ?
I would assume this RHBZ could be closed?