749199 – CVE-2011-4078 php-pear-MDB2, roundcubemail: DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject [epel-5]

Bug 749199 - CVE-2011-4078 php-pear-MDB2, roundcubemail: DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject [epel-5]

Summary: CVE-2011-4078 php-pear-MDB2, roundcubemail: DoS (unavailability to access use...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	php-pear-MDB2
Sub Component:
Version:	el5
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Remi Collet
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	CVE-2011-4078
TreeView+	depends on / blocked

Reported:	2011-10-26 13:19 UTC by Jan Lieskovsky
Modified:	2011-10-27 10:50 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Release Note
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-10-27 10:50:21 UTC
Type:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jan Lieskovsky 2011-10-26 13:19:11 UTC

epel-5 tracking bug for php-pear-MDB2: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]

Comment 1 Jan Lieskovsky 2011-10-27 10:50:21 UTC

The behaviour of is_a() PHP routine has been restored back to that one <= php-v5.3.6:
See

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3379

for further information.

This means php-pear-MDB2 package, as shipped within Fedora EPEL 5 would NOT be affected by the CVE-2011-4078 issue. Closing this bug.

Note You need to log in before you can comment on or make changes to this bug.