A code injection vulnerability was found in php-gettext. Evaluating the plural form formula in ngettext family of calls can execute arbitrary code if number is passed unsanitized from the untrusted user. References: http://seclists.org/fulldisclosure/2016/Aug/76
Created php53-php-gettext tracking bugs for this issue: Affects: epel-5 [bug 1367465]
Created php-php-gettext tracking bugs for this issue: Affects: fedora-all [bug 1367463] Affects: epel-all [bug 1367464]
CVE assignment: http://seclists.org/oss-sec/2017/q1/128
CVE assignment summary : php-php-gettext-attribatary code execution, conducting code execution - CVE-2018-8986 php-php-gettext:
Hi, Can you please clarify what's needed here ? Regards YOG.
I would assume this RHBZ could be closed?
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.