[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re: CVE request: is_a() function may allow
From: Pierre Joye <pierre.php () gmail ! com>
Date: 2011-09-26 23:27:23
Message-ID: CAEZPtU7ixC8g-Jy-uFz+7WW4yu5DBFWttSimuybrVqd2eRdmQw () mail ! gmail ! com
[Download RAW message or body]
2011/9/27 Johannes Schlüter <johannes@schlueters.de>:
> The old code didn't make code secure. There was still a high chance that
> an attacker might exploit such a broken __autoload() function.
With this change, it is not a chance anymore but a fact. And that's
the whole point.
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic