| Name | CVE-2009-0754 |
| Description | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1789-1 |
| Debian Bugs | 523049 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| php5 (PTS) | jessie, jessie (lts) | 5.6.40+dfsg-0+deb8u21 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php4 | source | (unstable) | (unfixed) | low | ||
| php5 | source | etch | 5.2.0+dfsg-8+etch15 | DSA-1789-1 | ||
| php5 | source | lenny | 5.2.6.dfsg.1-1+lenny3 | DSA-1789-1 | ||
| php5 | source | (unstable) | 5.2.9.dfsg.1-2 | low | 523049 |