Date: Fri, 20 Nov 2009 10:47:35 +0000 From: Joe Orton <jorton@...hat.com> To: Thomas Biege <thomas@...e.de> Cc: OSS-Security Mailinglist <oss-security@...ts.openwall.com> Subject: Re: CVE request: php 5.3.1 update On Fri, Nov 20, 2009 at 11:41:50AM +0100, Thomas Biege wrote: > Hello, > > PHP was updated to version 5.3.1 and did also address security > issues: http://www.php.net/releases/5_3_1.php We assigned some CVE names for the new issues here; two correspond to existing issues fixed earlier in 5.2.11. The CVE names have not made it to the web site but were used in the e-mail announcement text: - Added missing sanity checks around exif processing. (CVE-2009-3292, Ilia) - Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) - Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se) - Fixed bug #44683 (popen crashes when an invalid mode is passed). (CVE-2009-3294, Pierre) Regards, Joe
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.