oss-sec mailing list archives

About PHP and CVE-2015-1353

From: Remi Collet <remi () fedoraproject org>
Date: Tue, 05 May 2015 10:07:41 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Can someone explain how this can be a security issue,
and why scored as "high" risk ?


On bad input, the call will produce a bad output.

I don't see any way to exploit this for any bad thing.

I really think we should reject this CVE.
Upstream doesn't even consider this as a bug.


Remi.


P.S. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1353
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlVIek0ACgkQYUppBSnxahj9KQCaAtMayd0kNR0s+HesD1f8Hh0X
UUgAoNloTFTdXoJZgTcwH1vUWVcDLjwS
=AEJ5
-----END PGP SIGNATURE-----

Current thread:

About PHP and CVE-2015-1353 Remi Collet (May 05)
- Re: About PHP and CVE-2015-1353 - please REJECT Remi Collet (May 11)
- Re: About PHP and CVE-2015-1353 cve-assign (May 18)