oss-sec mailing list archives

Re: Re: NULL byte poisoning fix in php 5.3.4+


From: Pierre Joye <pierre.php () gmail com>
Date: Tue, 30 Nov 2010 03:26:08 +0100

Coley? :)

On Mon, Nov 22, 2010 at 5:21 PM, Josh Bressers <bressers () redhat com> wrote:
Steve,

Can MITRE take this one? It looks like it's from 2006 (from looking at the
upstream bug). I don't see a CVE id for this anywhere.

Thanks.

--
   JB

----- "Pierre Joye" <pierre.php () gmail com> wrote:

anyone?

On Thu, Nov 18, 2010 at 5:43 PM, Pierre Joye <pierre.php () gmail com>
wrote:
forgot to add the fixes revs:

http://svn.php.net/viewvc?view=revision&revision=305507
revert of part of the OCI8 fix
http://svn.php.net/viewvc?view=revision&revision=305509

OCI8 fix (committed separately)
http://svn.php.net/viewvc?view=revision&revision=305412

On Thu, Nov 18, 2010 at 5:22 PM, Pierre Joye <pierre.php () gmail com>
wrote:
hi,

The problem described here http://www.madirish.net/?article=436, in
http://bugs.php.net/39863 (and numerous other places) has been fixed
in PHP_5_3, targeting 5.3.4 (RC1 to be released today). It is a well
(old) known issue in PHP and I wonder if there is a CVE already for
it? If not I think having one could be helpful. or?

Cheers,
--
Pierre





-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

