List: oss-security
Subject: Re: [oss-security] Re: utf-8 security issue in php - 2 CVEs?
From: Pierre Joye <pierre.php () gmail ! com>
Date: 2010-11-17 15:50:59
Message-ID: AANLkTimfA08HwCnr0fcY7uQ8-UtV0gxBTrmdYqZUw0Lt () mail ! gmail ! com
On Wed, Nov 17, 2010 at 4:45 AM, Huzaifa Sidhpurwala
<huzaifas@redhat.com> wrote:
> On 11/16/2010 08:40 PM, Pierre Joye wrote:
>> hi,
>>
>> New fixes or improved fixes, even for a known flaw, get a new CVE #. I was
>> not sure about that a couple of months ago, but that's the answer I
>> got when I asked about the policy for such cases. I think it makes
>> even more sense in this particular flaw.
>>
> Right,
> However I am wondering why there is no mention of CVE-2009-5016 in the
> php NEWS file from the SVN.
> It only mentions:
>
> "
> - Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
> of reported malformed sequences). (CVE-2010-3870) (Gustavo)
> "
I only updated the NEWS for the upcoming release as the fix applies to
this specific CVE.
However I can add a ref to CVE-2009-5016 to the related NEWS entry
(for the record, as it was released already), if you have found it :)
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org