Date: Fri, 20 Aug 2010 12:17:43 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: pierre.php@...il.com, "Moritz Muehlenhoff" <jmm@...ian.org>, "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: PHP MOPS-2010-56..60

On Thu, 19 Aug 2010 18:22:29 +0200 pierre.php@...il.com wrote:

> Which one did not get an is? Most of those were actually a single
> issue.

MOPS-2010-056 - MOPS-2010-060 as subject indicates. Those are mysqlnd
issues and session serializer issue allowing data injection. Not any
from that set of interruption issues that exposed one or two problems in
different ways.

Has upstream managed to track MOPS-2010-022 down to a proper fix
already? That one was not fixed in 5.3.3. I'm also wondering whether
the case pointed out in MOPS-2010-024 was not addressed in phar commit
intentionally.

--
Tomas Hoger / Red Hat Security Response Team