oss-sec mailing list archives
Re: utf-8 security issue in php
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 3 Nov 2010 09:07:19 +0100
JFYI, our php maintainer found that 5.2 seems to use same xml.c so a patch is needed too. Sebastian On Tue, Nov 02, 2010 at 08:08:58PM +0100, Pierre Joye wrote:
hi, On Tue, Nov 2, 2010 at 6:10 PM, Vincent Danen <vdanen () redhat com> wrote:* [2010-11-02 16:35:25 +0100] Pierre Joye wrote:On Tue, Nov 2, 2010 at 3:24 PM, Josh Bressers <bressers () redhat com> wrote:As best as I can tell, this only needs one ID. Please use CVE-2010-3870.Thanks, I updated the bug report and the NEWS file. Please note that only 5.3 and later contains this fix. 5.3.4 will have the fix.Are you saying that 5.3 and later _need_ this fix? I.e. that this doesn't affect earlier versions? Can you clarify? Thanks.This comment was not very clear, sorry. I'm saying that 5.3 and later have been changed to fix this problem. I have no idea if 5.2 requires a fix and won't investigate either (sadly no time). It was more for the CVE description, to be sure that the mention of 5.3+ will be present. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- utf-8 security issue in php Oden Eriksson (Nov 02)
- Re: utf-8 security issue in php Pierre Joye (Nov 02)
- Re: utf-8 security issue in php Josh Bressers (Nov 02)
- Re: utf-8 security issue in php Pierre Joye (Nov 02)
- Re: utf-8 security issue in php Vincent Danen (Nov 02)
- Re: utf-8 security issue in php Pierre Joye (Nov 02)
- Re: utf-8 security issue in php Vincent Danen (Nov 02)
- Re: utf-8 security issue in php Sebastian Krahmer (Nov 03)
- Re: utf-8 security issue in php Josh Bressers (Nov 02)
- Re: utf-8 security issue in php Pierre Joye (Nov 02)
- Re: utf-8 security issue in php Pierre Joye (Nov 14)