[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: Issues without CVE names in PHP 5.3.4/5.2.15 release
From: Raphael Geissert <geissert () debian ! org>
Date: 2010-12-13 19:19:59
Message-ID: ie5rj0$59f$1 () dough ! gmane ! org
[Download RAW message or body]
Vincent Danen wrote:
> * [2010-12-13 18:47:19 +0100] Pierre Joye wrote:
>>> * Fixed extract() to do not overwrite $GLOBALS and $this when using
>>> EXTR_OVERWRITE.
>>
>>Not sure either if it requires one.
>
> I can't tell because I can't find any information, however if you don't
> believe this is security-relevant, I won't pursue it. However, I would
> question whether or not it is worth listing under "security enhancements
> and fixes" instead of just "key bug fixes"?
The commit is http://svn.php.net/viewvc?view=revision&revision=305570
OTOH, this one _could_ be considered relevant (local only, not important
IMHO):
http://svn.php.net/viewvc?view=revision&revision=305303
$ php t.php
PHP Warning: openssl_csr_new(): dn: `�
�
�
����ȿ��ȿXr�
�
��ȿ���e� , is not a recognized name in /tmp/t.php on line 3
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic