oss-sec mailing list archives

Re: possible flaw in widely used strtod.c implementation


From: Josh Bressers <bressers () redhat com>
Date: Thu, 6 Jan 2011 07:10:26 -0500 (EST)



----- Original Message -----
On Wed, Jan 5, 2011 at 8:23 PM, Pierre Joye <pierre.php () gmail com>
wrote:
On Wed, Jan 5, 2011 at 5:52 PM, Michael Gilbert
<michael.s.gilbert () gmail com> wrote:

The fact that this bug can lead to a denial-of-service in PHP is
sufficient to warrant a CVE for PHP, but nothing else (I think). If it
can lead to a dos in other apps, then each should get their own CVE
(again in my opinion).

I think so too but in any case it would rock if I could get a CVE #
asap, we are going to release 5.2.17/5.3.5 tomorrow (packaging now).

Anyone?

Please use CVE-2010-4645

Thanks.

-- 
    JB

