Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Jul 2010 21:00:12 +0200
From: Pierre Joye <>
Subject: CVE request, php var_export


I would like to request a new # for a flaw in php's var_export. The
reason is that a fatal error occurs due to recursion, memory limit or
execution time var_export bails out. The buffer is never cleared and
it flushes to the user. It's not affected by display_errors() since
its considered part of the output.

Fix already commited to trunk, 5.2 and 5.3 and will be in the next PHP
releases (5.2.14 and 5.3.3):


@pierrejoye | |

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ