Date: Wed, 5 Sep 2012 10:19:52 +0400 From: Eygene Ryabinkin <rea-sec@...elabs.ru> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: php header() header injection detection bypass Tue, Sep 04, 2012 at 03:02:25PM -0400, cve-assign@...re.org wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > - 5.3.11, https://github.com/php/php-src/blob/704bbb3263d0ec9a6b4a767bbc516e55388f4b0e/main/SAPI.c#L593 > > has the issue completely fixed > > Note that, in the > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1398 entry, the > affected versions are "PHP before 5.3.11." (We do know that 5.3.11 > was released about 2 months after 5.4.0.) Yes, sorry: I seem to be messed two bugs and, as I discovered, was talking about CVE-2011-1398 in my previous message. -- Eygene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.