oss-sec mailing list archives
Re: possible flaw in widely used strtod.c implementation
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Mon, 10 Jan 2011 19:27:28 -0500 (EST)
Since this problem stems from a single codebase, strtod.c, so it gets a single CVE identifier (already assigned CVE-2010-4645). The CVE description will "blame" strtod.c and mention PHP, and any other high-profile software that is discovered to use the same vulnerable, shared code.
- Steve
Current thread:
- possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Josh Bressers (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Steven M. Christey (Jan 10)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Feb 01)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)