oss-sec mailing list archives
Re: Re: CVE request, php var_export
From: Pierre Joye <pierre.php () gmail com>
Date: Fri, 16 Jul 2010 17:13:38 +0200
hi, Thanks and no problem, we are in time for the next release :) Cheers, On Fri, Jul 16, 2010 at 5:10 PM, Josh Bressers <bressers () redhat com> wrote:
Please use CVE-2010-2531 Sorry for the delay. -- JB ----- "Pierre Joye" <pierre.php () gmail com> wrote:hi, Has anyone got the time to look at this request? I would like to have an ID for the last RC before we release final next week (packaging RCs tonight). On Tue, Jul 13, 2010 at 9:00 PM, Pierre Joye <pierre.php () gmail com> wrote:hi, I would like to request a new # for a flaw in php's var_export. The reason is that a fatal error occurs due to recursion, memory limitorexecution time var_export bails out. The buffer is never clearedandit flushes to the user. It's not affected by display_errors() since its considered part of the output. Fix already commited to trunk, 5.2 and 5.3 and will be in the nextPHPreleases (5.2.14 and 5.3.3): http://svn.php.net/viewvc?view=revision&revision=301143 Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org-- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
-- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- CVE request, php var_export Pierre Joye (Jul 13)
- Re: CVE request, php var_export Pierre Joye (Jul 14)
- Re: Re: CVE request, php var_export Josh Bressers (Jul 16)
- Re: Re: CVE request, php var_export Pierre Joye (Jul 16)
- Re: Re: CVE request, php var_export Josh Bressers (Jul 16)
- Re: CVE request, php var_export Pierre Joye (Jul 14)