Date: Thu, 18 Nov 2010 17:43:59 +0100 From: Pierre Joye <pierre.php@...il.com> To: oss-security@...ts.openwall.com Subject: Re: NULL byte poisoning fix in php 5.3.4+ forgot to add the fixes revs: http://svn.php.net/viewvc?view=revision&revision=305507 revert of part of the OCI8 fix http://svn.php.net/viewvc?view=revision&revision=305509 OCI8 fix (committed separately) http://svn.php.net/viewvc?view=revision&revision=305412 On Thu, Nov 18, 2010 at 5:22 PM, Pierre Joye <pierre.php@...il.com> wrote: > hi, > > The problem describes here http://www.madirish.net/?article=436, in > http://bugs.php.net/39863 (and numerous other places) has been fixed > in PHP_5_3, targetting 5.3.4 (RC1 to be released today). It is a well > (old) known issue in PHP and I wonder if there is a CVE already for > it? If not I think having one could helpful. or? > > Cheers, > -- > Pierre > > @pierrejoye | http://blog.thepimp.net | http://www.libgd.org > -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ