Re: PHP remote code execution introduced via HashDoS fix

[Pierre Joye <pierre.php () gmail com>]

hi!

5.3.10 has been released as well to fix this issue (and another one
related to magic quotes).

Cheers,

On Thu, Feb 2, 2012 at 8:46 PM, Solar Designer <solar () openwall com> wrote:
> Tomas,
>
> Thank you for posting this.
>
> On Thu, Feb 02, 2012 at 08:12:22PM +0100, Tomas Hoger wrote:
> > This got CVE-2012-0830 assigned earlier today.  This is sent to make
> > the assignment public and avoid possible duplicate assignment.
>
> I suggest that we post this sort of things to oss-security not only
> because of CVE issues, but also to make this list a central place to
> keep people informed of security issues in at least popular Open Source
> software.  That is, I think this posting would be desirable even if the
> CVE number had already been communicated to those who might request one.
>
> Not everyone who wants this sort of info also happens to read IT news
> sites, Twitter feeds, etc daily (which also include lots of other info
> that would be off-topic here).
>
> Maybe your comment above was addressed to security@php and Stefan rather
> than to oss-security, though.  Then it sounds just right to me.
>
> Alexander



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org