Date: Tue, 13 Mar 2012 19:11:02 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern

On 03/09/2012 02:26 AM, Kurt Seifried wrote:
> Just looking through http://www.php.net/ChangeLog-5.php#5.4.0
>
> Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
>
> https://bugs.php.net/bug.php?id=55500
> (still locked)
>
> But the blog posting:
>
> https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
>
> has details and it appears to be a security issue. I have emailed
> security@....net twice, no response in a week so I'm sending the request
> to OSS-sec.
>

This has been assigned CVE-2012-1172.

--
Huzaifa Sidhpurwala / Red Hat Security Response Team