Date: Fri, 2 Jul 2010 14:47:31 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request -- PHP strrchr() Interruption
  Information Leak Vulnerability


----- "Péter Veres" <moltesalt@...il.com> wrote:

> 2010/6/30 Josh Bressers <bressers@...hat.com>
> 
> >
> > ----- "Péter Veres" <moltesalt@...il.com> wrote:
> >
> > > Hi Steve,
> > >
> > > PHP’s strrchr() function can be interrupted and used for information
> > > leakage due to call time pass by reference.
> > >
> > > Could you allocate a CVE id for this issue?
> > >
> >
> > Do you have some sort of reference for this? I'm not finding anything in
> > the usual places.
> >
> > I'll assign an ID once I have more information.
> >
> 
> 
> Fixed in the upstream.
> 5.3.3 RC1 not affected.
> 5.2 branch vulnerable.
> 
> http://svn.php.net/viewvc?view=revision&revision=300916

Please use CVE-2010-2484

Thanks.

-- 
    JB
