Launchpad CVE tracker

CVE 2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Related bugs and status

CVE-2018-5712 (Candidate) is related to these bugs:

Bug #1633031: exif_read_data broken in a lot of use cases by the CVE-2016-6291 bugfix

		In	Importance	Status
1633031	exif_read_data broken in a lot of use cases by the CVE-2016-6291 bugfix	php5 (Ubuntu)	Low	Invalid
1633031	exif_read_data broken in a lot of use cases by the CVE-2016-6291 bugfix	php5 (Ubuntu Trusty)	High	Fix Released
1633031	exif_read_data broken in a lot of use cases by the CVE-2016-6291 bugfix	php5 (Ubuntu Precise)	High	Won't Fix

Bug #1744148: [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3

		In	Importance	Status
1744148	[MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3	php7.0 (Ubuntu)	Undecided	Invalid
1744148	[MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3	php7.0 (Ubuntu Xenial)	Wishlist	Fix Released
1744148	[MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3	php7.1 (Ubuntu)	Undecided	Invalid
1744148	[MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3	php7.1 (Ubuntu Artful)	Undecided	Fix Released
1744148	[MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3	php7.2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-5712

References