[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: CVE request, php var_export
From:       Pierre Joye <pierre.php () gmail ! com>
Date:       2010-07-16 15:13:38
Message-ID: AANLkTinDGbKrJILvp_CQeXi78uc_3_g0ih6GBykiuBFu () mail ! gmail ! com
[Download RAW message or body]

hi,

Thanks and no problem, we are in time for the next release :)

Cheers,

On Fri, Jul 16, 2010 at 5:10 PM, Josh Bressers <bressers@redhat.com> wrote:
> Please use CVE-2010-2531
>
> Sorry for the delay.
>
> --
>    JB
>
>
> ----- "Pierre Joye" <pierre.php@gmail.com> wrote:
>
>> hi,
>>
>> Has anyone got the time to look at this request? I would like to have
>> an ID for the last RC before we release final next week (packaging
>> RCs
>> tonight).
>>
>> On Tue, Jul 13, 2010 at 9:00 PM, Pierre Joye <pierre.php@gmail.com>
>> wrote:
>> > hi,
>> >
>> > I would like to request a new # for a flaw in php's var_export. The
>> > reason is that a fatal error occurs due to recursion, memory limit
>> or
>> > execution time var_export bails out. The buffer is never cleared
>> and
>> > it flushes to the user. It's not affected by display_errors() since
>> > its considered part of the output.
>> >
>> > Fix already commited to trunk, 5.2 and 5.3 and will be in the next
>> PHP
>> > releases (5.2.14 and 5.3.3):
>> >
>> > http://svn.php.net/viewvc?view=revision&revision=301143
>> >
>> > Cheers,
>> > --
>> > Pierre
>> >
>> > @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
>> >
>>
>>
>>
>> --
>> Pierre
>>
>> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
>



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

[prev in list] [next in list] [prev in thread] [next in thread]