oss-sec mailing list archives
CVE id request: php5
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Wed, 28 Jan 2009 12:58:11 -0500
Hi I don't think this has a CVE id yet. Quote from the debian bugreport: "When an invalid key is used when calling dba_replace on a dba inifile resource it leads to file truncation." References: Debian Bugreport: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507101 Security Reason: http://securityreason.com/achievement_securityalert/58 Upstream patch: http://cvs.php.net/viewvc.cgi/php-src/ext/dba/libinifile/inifile.c?r1=1.14.2.1.2.4&r2=1.14.2.1.2.5 Could I please get a CVE id for this? Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE id request: php5 Steffen Joeris (Jan 28)
- Re: CVE id request: php5 Josh Bressers (Jan 28)
- Re: CVE id request: php5 Raphael Geissert (Jan 28)
- Re: Re: CVE id request: php5 Joe Orton (Jan 29)
- Re: Re: CVE id request: php5 Steven M. Christey (Jan 29)
- Re: CVE id request: php5 Raphael Geissert (Jan 28)
- Re: CVE id request: php5 Josh Bressers (Jan 28)