oss-sec mailing list archives
Re: possible flaw in widely used strtod.c implementation
From: Pierre Joye <pierre.php () gmail com>
Date: Thu, 6 Jan 2011 11:01:12 +0100
On Wed, Jan 5, 2011 at 8:23 PM, Pierre Joye <pierre.php () gmail com> wrote:
On Wed, Jan 5, 2011 at 5:52 PM, Michael Gilbert <michael.s.gilbert () gmail com> wrote:The fact that this bug can lead to a denial-of-service in PHP is sufficient to warrant a CVE for PHP, but nothing else (I think). If it can lead to a dos in other apps, then each should get their own CVE (again in my opinion).I think so too but in any case it would rock if I could get a CVE # asap, we are going to release 5.2.17/5.3.5 tomorrow (packaging now).
Anyone? -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Josh Bressers (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Steven M. Christey (Jan 10)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Feb 01)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)