oss-sec mailing list archives

Re: Stefan Esser's 0day PHP SysCan flaw


From: Raphael Geissert <geissert () debian org>
Date: Sun, 27 Jun 2010 01:17:06 -0500

Hi Josh,

Josh Bressers wrote:
> I just assigned CVE-2010-2225 to Stefan Esser's 0day PHP unserialize flaw.
>
> He speaks of it on his twitter page:
> http://twitter.com/i0n1c/status/16447867829
>
> Our bug is here:
> https://bugzilla.redhat.com/show_bug.cgi?id=605641
>
> We'll update it as we learn more.

Here's a public, limited, explanation:
http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


