[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Nov 2010 09:07:19 +0100
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: utf-8 security issue in php
JFYI, our php maintainer found that 5.2 seems to use same xml.c
so a patch is needed too.
Sebastian
On Tue, Nov 02, 2010 at 08:08:58PM +0100, Pierre Joye wrote:
> hi,
>
> On Tue, Nov 2, 2010 at 6:10 PM, Vincent Danen <vdanen@...hat.com> wrote:
> > * [2010-11-02 16:35:25 +0100] Pierre Joye wrote:
> >
> >> On Tue, Nov 2, 2010 at 3:24 PM, Josh Bressers <bressers@...hat.com> wrote:
> >>
> >>> As best as I can tell, this only needs one ID. Please use CVE-2010-3870.
> >>
> >> Thanks, I updated the bug report and the NEWS file.
> >>
> >> Please note that only 5.3 and later contains this fix. 5.3.4 will have the
> >> fix.
> >
> > Are you saying that 5.3 and later _need_ this fix? I.e. that this
> > doesn't affect earlier versions? Can you clarify? Thanks.
>
> This comment was not very clear, sorry.
>
> I'm saying that 5.3 and later have been changed to fix this problem. I
> have no idea if 5.2 requires a fix and won't investigate either (sadly
> no time). It was more for the CVE description, to be sure that the
> mention of 5.3+ will be present.
>
> Cheers,
> --
> Pierre
>
> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
