Date: Wed, 5 Jan 2011 20:23:57 +0100 From: Pierre Joye <pierre.php@...il.com> To: oss-security@...ts.openwall.com Subject: Re: possible flaw in widely used strtod.c implementation On Wed, Jan 5, 2011 at 5:52 PM, Michael Gilbert <michael.s.gilbert@...il.com> wrote: > The fact that this bug can lead to a denial-of-service in PHP is > sufficient to warrant a CVE for PHP, but nothing else (I think). If it > can lead to a dos in other apps, then each should get their own CVE > (again in my opinion). I think so too but in any case it would rock if I could get a CVE # asap, we are going to release 5.2.17/5.3.5 tomorrow (packaging now). Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ