Date: Fri, 16 Jul 2010 11:10:36 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: pierre.php@...il.com Subject: Re: Re: CVE request, php var_export Please use CVE-2010-2531 Sorry for the delay. -- JB ----- "Pierre Joye" <pierre.php@...il.com> wrote: > hi, > > Has anyone got the time to look at this request? I would like to have > an ID for the last RC before we release final next week (packaging > RCs > tonight). > > On Tue, Jul 13, 2010 at 9:00 PM, Pierre Joye <pierre.php@...il.com> > wrote: > > hi, > > > > I would like to request a new # for a flaw in php's var_export. The > > reason is that a fatal error occurs due to recursion, memory limit > or > > execution time var_export bails out. The buffer is never cleared > and > > it flushes to the user. It's not affected by display_errors() since > > its considered part of the output. > > > > Fix already commited to trunk, 5.2 and 5.3 and will be in the next > PHP > > releases (5.2.14 and 5.3.3): > > > > http://svn.php.net/viewvc?view=revision&revision=301143 > > > > Cheers, > > -- > > Pierre > > > > @pierrejoye | http://blog.thepimp.net | http://www.libgd.org > > > > > > -- > Pierre > > @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ