oss-sec mailing list archives
Re: Re: CVE Request - roundcubemail
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 13 Dec 2008 21:42:27 +0100
* Ingrid wrote:
Therefore, I agree with Raphael that the issue has not been found yet.
It may be related to: <http://www.hardened-php.net/advisory_042006.119.html> Is there some way to turn of /e support in preg_replace (causing PHP to abort with an error instead), in particular if the captures contain one of the characters "$", "{", "}"? Is it safe to surround the captures with '$1' instead of "$1"?
Current thread:
- CVE Request - roundcubemail Jan Lieskovsky (Dec 12)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 16)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 17)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 17)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 24)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 28)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 15)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 15)
- Re: Re: CVE Request - roundcubemail Christian Hoffmann (Dec 15)
- Re: Re: CVE Request - roundcubemail Raphael Geissert (Dec 16)