Date: Tue, 05 May 2015 10:07:41 +0200 From: Remi Collet <remi@...oraproject.org> To: oss-security@...ts.openwall.com Subject: About PHP and CVE-2015-1353 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Can someone explain how this can be a security issue, and why scored as "high" risk ? On bad input, the call will produce a bad output. I don't see any way to exploit this for any bad thing. I really think we should reject this CVE. Upstream doesn't even consider this as a bug. Remi. P.S. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1353 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlVIek0ACgkQYUppBSnxahj9KQCaAtMayd0kNR0s+HesD1f8Hh0X UUgAoNloTFTdXoJZgTcwH1vUWVcDLjwS =AEJ5 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ