oss-sec mailing list archives

Re: CVE Request: PHP File upload filename

From: Josh Bressers <bressers () redhat com>
Date: Mon, 13 Jun 2011 15:41:12 -0400 (EDT)



----- Original Message -----

Hi,
Please assign a CVE id for "File path injection vulnerability in
RFC1867
File upload filename" [1].

The fix for the bug has been already committed. [2]

Reported by: Krzysztof Kotowicz <kkotowicz at gmail dot com>


[1] - http://bugs.php.net/bug.php?id=54939
[2] - http://svn.php.net/viewvc?view=revision&revision=312103


Please use CVE-2011-2202.

Thanks.

-- 
    JB

Current thread:

CVE Request: PHP File upload filename Felipe Pena (Jun 12)
- Re: CVE Request: PHP File upload filename Josh Bressers (Jun 13)