Date: Tue, 2 Nov 2010 20:08:58 +0100 From: Pierre Joye <pierre.php@...il.com> To: oss-security@...ts.openwall.com Subject: Re: utf-8 security issue in php hi, On Tue, Nov 2, 2010 at 6:10 PM, Vincent Danen <vdanen@...hat.com> wrote: > * [2010-11-02 16:35:25 +0100] Pierre Joye wrote: > >> On Tue, Nov 2, 2010 at 3:24 PM, Josh Bressers <bressers@...hat.com> wrote: >> >>> As best as I can tell, this only needs one ID. Please use CVE-2010-3870. >> >> Thanks, I updated the bug report and the NEWS file. >> >> Please note that only 5.3 and later contains this fix. 5.3.4 will have the >> fix. > > Are you saying that 5.3 and later _need_ this fix? I.e. that this > doesn't affect earlier versions? Can you clarify? Thanks. This comment was not very clear, sorry. I'm saying that 5.3 and later have been changed to fix this problem. I have no idea if 5.2 requires a fix and won't investigate either (sadly no time). It was more for the CVE description, to be sure that the mention of 5.3+ will be present. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ