oss-sec mailing list archives

Re: Re: Stefan Esser's 0day PHP SysCan flaw


From: Pierre Joye <pierre.php () gmail com>
Date: Wed, 30 Jun 2010 18:33:48 +0200

hi,

On Wed, Jun 30, 2010 at 5:32 PM, Raphael Geissert <geissert () debian org> wrote:
Raphael Geissert wrote:
Here's a public, limited, explanation:
http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/

And the fix by upstream:
http://svn.php.net/viewvc?view=revision&revision=300843

And Stefan confirmed that the fix is correct (via one of his colleagues
at SektionsEins).

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

