Re: Re: CVE request, php var_export

[Pierre Joye <pierre.php () gmail com>]

hi,

Thanks and no problem, we are in time for the next release :)

Cheers,

On Fri, Jul 16, 2010 at 5:10 PM, Josh Bressers <bressers () redhat com> wrote:
> Please use CVE-2010-2531
>
> Sorry for the delay.
>
> --
>    JB
>
>
> ----- "Pierre Joye" <pierre.php () gmail com> wrote:
>
> > hi,
> >
> > Has anyone got the time to look at this request? I would like to have
> > an ID for the last RC before we release final next week (packaging
> > RCs
> > tonight).
> >
> > On Tue, Jul 13, 2010 at 9:00 PM, Pierre Joye <pierre.php () gmail com>
> > wrote:
> > > hi,
> > >
> > > I would like to request a new # for a flaw in php's var_export. The
> > > reason is that a fatal error occurs due to recursion, memory limit
> > or
> > > execution time var_export bails out. The buffer is never cleared
> > and
> > > it flushes to the user. It's not affected by display_errors() since
> > > its considered part of the output.
> > >
> > > Fix already commited to trunk, 5.2 and 5.3 and will be in the next
> > PHP
> > > releases (5.2.14 and 5.3.3):
> > >
> > > http://svn.php.net/viewvc?view=revision&revision=301143
> > >
> > > Cheers,
> > > --
> > > Pierre
> > >
> > > @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
> >
> >
> >
> > --
> > Pierre
> >
> > @pierrejoye | http://blog.thepimp.net | http://www.libgd.org



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org