oss-sec mailing list archives
Re: possible flaw in widely used strtod.c implementation
From: Pierre Joye <pierre.php () gmail com>
Date: Tue, 1 Feb 2011 10:42:15 +0100
hi, Little head up on another affected projected: http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ Cheers, On Tue, Jan 11, 2011 at 1:27 AM, Steven M. Christey <coley () rcf-smtp mitre org> wrote:
Since this problem stems from a single codebase, strtod.c, so it gets a single CVE identifier (already assigned CVE-2010-4645). The CVE description will "blame" strtod.c and mention PHP, and any other high-profile software that is discovered to use the same vulnerable, shared code. - Steve
-- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Josh Bressers (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Steven M. Christey (Jan 10)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Feb 01)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)