[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: NULL byte poisoning fix in php 5.3.4+
From:       Pierre Joye <pierre.php () gmail ! com>
Date:       2010-11-30 2:26:08
Message-ID: AANLkTinDL4GqcgFgjKtAVS7A=vjLbVWq4KA0sA7nFOLE () mail ! gmail ! com
[Download RAW message or body]

Coley? :)

On Mon, Nov 22, 2010 at 5:21 PM, Josh Bressers <bressers@redhat.com> wrote:
> Steve,
>
> Can MITRE take this one. It looks like it's from 2006 (from looking at the
> upstream bug). I don't see a CVE id for this anywhere.
>
> Thanks.
>
> --
>    JB
>
> ----- "Pierre Joye" <pierre.php@gmail.com> wrote:
>
>> anyone?
>>
>> On Thu, Nov 18, 2010 at 5:43 PM, Pierre Joye <pierre.php@gmail.com>
>> wrote:
>> > forgot to add the fixes revs:
>> >
>> > http://svn.php.net/viewvc?view=revision&revision=305507
>> > revert of part of the OCI8 fix
>> > http://svn.php.net/viewvc?view=revision&revision=305509
>> >
>> > OCI8 fix (committed separately)
>> > http://svn.php.net/viewvc?view=revision&revision=305412
>> >
>> > On Thu, Nov 18, 2010 at 5:22 PM, Pierre Joye <pierre.php@gmail.com>
>> > wrote:
>> >> hi,
>> >>
>> >> The problem describes here http://www.madirish.net/?article=436, in
>> >> http://bugs.php.net/39863 (and numerous other places) has been fixed
>> >> in PHP_5_3, targetting 5.3.4 (RC1 to be released today). It is a well
>> >> (old) known issue in PHP and I wonder if there is a CVE already for
>> >> it? If not I think having one could helpful. or?
>> >>
>> >> Cheers,
>> >> --
>> >> Pierre
>> >>
>



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

[prev in list] [next in list] [prev in thread] [next in thread]