[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: Issues without CVE names in PHP 5.3.4/5.2.15 release
From:       Raphael Geissert <geissert () debian ! org>
Date:       2010-12-13 19:19:59
Message-ID: ie5rj0$59f$1 () dough ! gmane ! org
[Download RAW message or body]

Vincent Danen wrote:
> * [2010-12-13 18:47:19 +0100] Pierre Joye wrote:
>>> * Fixed extract() to do not overwrite $GLOBALS and $this when using
>>> EXTR_OVERWRITE.
>>
>>Not sure either if it requires one.
> 
> I can't tell because I can't find any information, however if you don't
> believe this is security-relevant, I won't pursue it.  However, I would
> question whether or not it is worth listing under "security enhancements
> and fixes" instead of just "key bug fixes"?

The commit is http://svn.php.net/viewvc?view=revision&revision=305570


OTOH, this one _could_ be considered relevant (local only, not important 
IMHO):
http://svn.php.net/viewvc?view=revision&revision=305303

$ php t.php 
PHP Warning:  openssl_csr_new(): dn: `�
 �
�
����ȿ��ȿXr�
�

��ȿ���e�        , is not a recognized name in /tmp/t.php on line 3

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


[prev in list] [next in list] [prev in thread] [next in thread]