oss-sec mailing list archives
Re: Re: Stefan Esser's 0day PHP SysCan flaw
From: Pierre Joye <pierre.php () gmail com>
Date: Wed, 30 Jun 2010 18:33:48 +0200
hi,

On Wed, Jun 30, 2010 at 5:32 PM, Raphael Geissert <geissert () debian org> wrote:
> Raphael Geissert wrote:
> Here's a public, limited, explanation:
> http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/
> And the fix by upstream:
> http://svn.php.net/viewvc?view=revision&revision=300843

And Stefan confirmed that the fix is correct (via one of his colleagues at SektionsEins).

Cheers,
--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org