oss-sec mailing list archives
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release
From: Raphael Geissert <geissert () debian org>
Date: Mon, 13 Dec 2010 13:19:59 -0600
Vincent Danen wrote:
* [2010-12-13 18:47:19 +0100] Pierre Joye wrote:* Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.Not sure either if it requires one.I can't tell because I can't find any information, however if you don't believe this is security-relevant, I won't pursue it. However, I would question whether or not it is worth listing under "security enhancements and fixes" instead of just "key bug fixes"?
The commit is http://svn.php.net/viewvc?view=revision&revision=305570 OTOH, this one _could_ be considered relevant (local only, not important IMHO): http://svn.php.net/viewvc?view=revision&revision=305303 $ php t.php PHP Warning: openssl_csr_new(): dn: `� � � ����ȿ��ȿXr� � ��ȿ���e� , is not a recognized name in /tmp/t.php on line 3 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- Issues without CVE names in PHP 5.3.4/5.2.15 release Vincent Danen (Dec 13)
- Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Pierre Joye (Dec 13)
- Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Vincent Danen (Dec 13)
- Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Pierre Joye (Dec 13)
- Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Raphael Geissert (Dec 13)
- Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Vincent Danen (Dec 13)
- Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Pierre Joye (Dec 13)