[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: CVE request: is_a() function may allow
From:       Pierre Joye <pierre.php () gmail ! com>
Date:       2011-09-26 23:27:23
Message-ID: CAEZPtU7ixC8g-Jy-uFz+7WW4yu5DBFWttSimuybrVqd2eRdmQw () mail ! gmail ! com
[Download RAW message or body]

2011/9/27 Johannes Schlüter <johannes@schlueters.de>:

> The old code didn't make code secure. There was still a high chance that
> an attacker might exploit such a broken __autoload() function.

With this change, it is not a chance anymore but a fact. And that's
the whole point.

-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

[prev in list] [next in list] [prev in thread] [next in thread]