oss-sec mailing list archives

Re: Re: utf-8 security issue in php - 2 CVEs?


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 17 Nov 2010 09:15:00 +0530

On 11/16/2010 08:40 PM, Pierre Joye wrote:
> hi,
>
> New fixes or improved fixes, even for a known flaw, get a new CVE #. I was
> not sure about that a couple of months ago, but that's the answer I
> got when I asked about the policy for such cases. I think it makes
> even more sense in this particular flaw.

Right.
However, I am wondering why there is no mention of CVE-2009-5016 in the
PHP NEWS file from the SVN.
It only mentions:

"
- Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
  of reported malformed sequences). (CVE-2010-3870) (Gustavo)
"


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

