oss-sec mailing list archives
Re: Stefan Esser's 0day PHP SysCan flaw
From: Raphael Geissert <geissert () debian org>
Date: Sun, 27 Jun 2010 01:17:06 -0500
Hi Josh,

Josh Bressers wrote:
> I just assigned CVE-2010-2225 to Stefan Esser's 0day PHP unserialize flaw.
> He speaks of it on his twitter page:
> http://twitter.com/i0n1c/status/16447867829
>
> Our bug is here:
> https://bugzilla.redhat.com/show_bug.cgi?id=605641
>
> We'll update it as we learn more.

Here's a public, limited, explanation:
http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/

Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net