View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2004-1019 medium priority: Ubuntu including 2 source packages (php4, php5), 8 status rows across 4 suites (dapper, edgy, feisty, upstream): released 5, needs-triage 2, DNE 1.
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.