Date: Wed, 8 Dec 2010 08:56:02 +0100 From: Pierre Joye <pierre.php@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) hi, The CVE # has been added to the changes log too. http://svn.php.net/viewvc?view=revision&revision=306036 On Mon, Dec 6, 2010 at 6:15 PM, Vincent Danen <vdanen@...hat.com> wrote: > I haven't seen a CVE request for this already, and can't find a CVE name > if one has been assigned. > > CERT has a bulletin up regarding a DoS in the getSymbol() function > (integer overflow vulnerability): > > http://www.kb.cert.org/vuls/id/479900 > http://svn.php.net/viewvc?view=revision&revision=305571 > http://php.net/manual/en/numberformatter.getsymbol.php > > Only affects PHP 5.3.x and probably PECL intl >= 1.0.0 as those are the > only versions with that function. > > Does anyone know if a CVE has been assigned to this? If not, could one > be assigned? > > -- > Vincent Danen / Red Hat Security Response Team -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.