oss-sec mailing list archives
Re: CVE request: PHP MOPS-2010-56..60
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 20 Aug 2010 12:17:43 +0200
On Thu, 19 Aug 2010 18:22:29 +0200 pierre.php () gmail com wrote:
Which one did not get an is? Most of those were actually a single issue.
MOPS-2010-056 - MOPS-2010-060 as subject indicates. Those are mysqlnd issues and session serializer issue allowing data injection. Not any from that set of interruption issues that exposed one or two problems in different ways. Has upstream managed to track MOPS-2010-022 down to a proper fix already? That one was not fixed in 5.3.3. I'm also wondering whether the case pointed out in MOPS-2010-024 was not addressed in phar commit intentionally. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Moritz Muehlenhoff (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Moritz Muehlenhoff (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- <Possible follow-ups>
- Re: CVE request: PHP MOPS-2010-56..60 pierre.php () gmail com (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Thomas Biege (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Josh Bressers (Aug 25)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)