A potential Cross Site Scripting (XSS) vulnerability was found in the PECL APC package in versions prior to 3.1.4 [1]. A patch [2] to correct this flaw is available. This flaw affects Fedora 12 (currently 3.1.3p1), EPEL5 (currently 3.0.19) and the version of php-pecl-apc to appear in Red Hat Enterprise Linux 6 (currently 3.1.3p1). This flaw has been assigned the name CVE-2010-3294. [1] http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4 [2] http://svn.php.net/viewvc/pecl/apc/trunk/apc.php?r1=301548&r2=301867&view=patch
Created php-pecl-apc tracking bugs for this issue Affects: fedora-12 [bug 634336]
Statement: (none)
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0811 https://rhn.redhat.com/errata/RHSA-2012-0811.html