oss-sec mailing list archives
Re: presumptive php sec holes
From: yersinia <yersinia.spiros () gmail com>
Date: Tue, 13 Oct 2009 10:25:15 +0200
On Mon, Oct 12, 2009 at 6:22 PM, Josh Bressers <bressers () redhat com> wrote:
----- "Oden Eriksson" <oeriksson () mandriva com> wrote:Hello. Attached are some php patches that to me looks security related (unknown impact). I hope someone with insight can classify and possible assign CVE numbers. The patches were taken from their svn repo, so it's "official".Did you contact PHP upstream about these? They're usually quite on the ball with understanding security flaws, so they are likely the best group to help you determine what the impact of these are.
These have probably some refs http://bugs.php.net/search.php?search_for=&boolean=1&limit=10&order_by=&direction=ASC&cmd=display&status=All&bug_type[]=Safe+Mode%2Fopen_basedir&php_os=&phpver=5.3&assign=&author_email=&bug_age=0
-- JB
Current thread:
- presumptive php sec holes Oden Eriksson (Oct 12)
- Re: presumptive php sec holes Josh Bressers (Oct 12)
- Re: presumptive php sec holes yersinia (Oct 13)
- Re: presumptive php sec holes Josh Bressers (Oct 12)