[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 20 Sep 2009 15:27:46 +0200
From: yersinia <yersinia.spiros@...il.com>
To: oss-security@...ts.openwall.com,
"Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- PHP 5 - 5.2.11
On Sun, Sep 20, 2009 at 12:30 AM, Nico Golde
<oss-security+ml@...lde.de<oss-security%2Bml@...lde.de>
> wrote:
> Hi,
> * Joe Orton <jorton@...hat.com> [2009-09-18 16:11]:
> > On Fri, Sep 18, 2009 at 03:23:43PM +0200, Nico Golde wrote:
> > > * Jan Lieskovsky <jlieskov@...hat.com> [2009-09-18 13:52]:
> > > > PHP has released another upstream 5.2 release, fixing
> > > > four security issues:
> > > >
> > > > http://www.php.net/ChangeLog-5.php
> > > > http://www.php.net/downloads.php
> > > >
> > > > Could you please allocate CVE identifiers?
> > >
> > > What is the security impact of:
> > > Fixed bug #44683 (popen crashes when an invalid mode is passed).
> (Pierre)
> > > ?
> >
> > This would appear to be:
> >
> > http://svn.php.net/viewvc?view=revision&revision=287779
> >
> > which is Windows-specific.
>
> I was more wondering why this is a security issue rather
> than a bug.
http://securityvulns.com/Vdocument145.html
> Cheers
> Nico
> --
> Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA
> For security reasons, all text in this mail is double-rot13 encrypted.
>
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
