Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Aug 2012 13:26:34 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: php header() header injection detection bypass

Hi,

Reviewing a list of CVE ids that were assigned from the Debian CNA pool, I 
noticed there is one [id] for php5 that hasn't been made public yet the 
issue has already been re-re-reported and in this one last round finally 
fixed.

I'm talking about https://bugs.php.net/60227 

It was independently reported by two persons but as of this time their 
reports (#54182 and #54006) are still hidden behind the "security bug" 
curtain of PHP's bug tracker. Back when they were reported, I had assigned 
the following id: CVE-2011-1398 "header injection detection bypass."
Note that the id only applies to the CR bypass part of the issue.

Then it came this other report (#60227, originally reported as #60028 by the 
same person but tagged security, which hid it too), which lead to finally 
fixing the bug (but please beware of the original fix by reading [1]).

Unless I missed something, the CR bypass issue was never assigned a CVE id 
once it became public. Please do correct me if I'm wrong.

[1] http://article.gmane.org/gmane.comp.php.devel/70584

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.