Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 May 2015 10:31:28 +0200
From: Remi Collet <remi@...oraproject.org>
To: oss-security@...ts.openwall.com
Subject: Re: About PHP and CVE-2015-1353 - please REJECT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can you please reject this CVE.


Thanks,
Remi.

Le 05/05/2015 10:07, Remi Collet a écrit :
> Hi,
> 
> Can someone explain how this can be a security issue, and why
> scored as "high" risk ?
> 
> 
> On bad input, the call will produce a bad output.
> 
> I don't see any way to exploit this for any bad thing.
> 
> I really think we should reject this CVE. Upstream doesn't even
> consider this as a bug.
> 
> 
> Remi.
> 
> 
> P.S.
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1353
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlVQaOAACgkQYUppBSnxahhDBACfS+avTYdrTvAy7pUrhZFTmDxw
OMgAnA860MMJK7j24lWmK9bqkfn/2Q6a
=l2P8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ