Date: Tue, 13 Jul 2010 21:00:12 +0200
From: Pierre Joye <pierre.php@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request, php var_export

Hi,

I would like to request a new # for a flaw in php's var_export. The reason is that when a fatal error occurs due to recursion, memory limit or execution time, var_export bails out. The buffer is never cleared and it flushes to the user. It's not affected by display_errors() since it's considered part of the output.

Fix already committed to trunk, 5.2 and 5.3 and will be in the next PHP releases (5.2.14 and 5.3.3):

http://svn.php.net/viewvc?view=revision&revision=301143

Cheers,
--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org