Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 4 Dec 2008 13:43:46 -0800
From: David Remahl <>
 "Steven M. Christey" <>
Subject: CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)

PHP 5.2.7 addresses several CVEs that are listed in the NEWS file.  
Apparently, it also addresses the above bug, but no CVE has been  

- Fixed extraction of zip files or directories when the entry name is a
   relative path. (Pierre)

The advisory from Stefan also does not contain a CVE.

Steve, please assign

/ Regards, David

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.