oss-sec mailing list archives
NULL byte poisoning fix in php 5.3.4+
From: Pierre Joye <pierre.php () gmail com>
Date: Thu, 18 Nov 2010 17:22:53 +0100
hi, The problem describes here http://www.madirish.net/?article=436, in http://bugs.php.net/39863 (and numerous other places) has been fixed in PHP_5_3, targetting 5.3.4 (RC1 to be released today). It is a well (old) known issue in PHP and I wonder if there is a CVE already for it? If not I think having one could helpful. or? Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Nov 18)
- Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Nov 18)
- Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Nov 22)
- Re: Re: NULL byte poisoning fix in php 5.3.4+ Josh Bressers (Nov 22)
- Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Nov 29)
- Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Dec 09)
- Re: Re: NULL byte poisoning fix in php 5.3.4+ Steven M. Christey (Dec 09)
- Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Dec 09)
- Re: Re: NULL byte poisoning fix in php 5.3.4+ Steven M. Christey (Dec 09)
- Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Nov 22)
- Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Nov 18)
- Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye (Dec 09)