oss-sec mailing list archives
Re: CVE request: Argument injections in multiple PEAR packages
From: "Steven M. Christey" <coley () linus mitre org>
Date: Sat, 28 Nov 2009 11:40:37 -0500 (EST)
All, Please use CVE-2009-4023 for the $from variable in Mail only. I just assigned CVE-2009-4111 for the outstanding bug for $recipient; since that argument was reported after $from had been fixed, we are effectively dealing with different downstream versions and possibly partial patches by some distros. - Steve
Current thread:
- CVE request: Argument injections in multiple PEAR packages Alex Legler (Nov 23)
- Re: CVE request: Argument injections in multiple PEAR packages Josh Bressers (Nov 24)
- Re: CVE request: Argument injections in multiple PEAR packages Steven M. Christey (Nov 28)
- Re: CVE request: Argument injections in multiple PEAR packages Raphael Geissert (Dec 11)
- Re: CVE request: Argument injections in multiple PEAR packages Josh Bressers (Nov 24)