Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Nov 2010 20:08:58 +0100
From: Pierre Joye <>
Subject: Re: utf-8 security issue in php


On Tue, Nov 2, 2010 at 6:10 PM, Vincent Danen <> wrote:
> * [2010-11-02 16:35:25 +0100] Pierre Joye wrote:
>> On Tue, Nov 2, 2010 at 3:24 PM, Josh Bressers <> wrote:
>>> As best as I can tell, this only needs one ID. Please use CVE-2010-3870.
>> Thanks, I updated the bug report and the NEWS file.
>> Please note that only 5.3 and later contains this fix. 5.3.4 will have the
>> fix.
> Are you saying that 5.3 and later _need_ this fix?  I.e. that this
> doesn't affect earlier versions?  Can you clarify?  Thanks.

This comment was not very clear, sorry.

I'm saying that 5.3 and later have been changed to fix this problem. I
have no idea if 5.2 requires a fix and won't investigate either (sadly
no time). It was more for the CVE description, to be sure that the
mention of 5.3+ will be present.


@pierrejoye | |

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ