Message-ID: <20100820121743.62c72148@redhat.com>
Date: Fri, 20 Aug 2010 12:17:43 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: pierre.php@...il.com, "Moritz Muehlenhoff" <jmm@...ian.org>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: PHP MOPS-2010-56..60

On Thu, 19 Aug 2010 18:22:29 +0200 pierre.php@...il.com wrote:

> Which one did not get an is? Most of those were actually a single
> issue.

MOPS-2010-056 - MOPS-2010-060 as subject indicates.  Those are mysqlnd
issues and session serializer issue allowing data injection.  Not any
from that set of interruption issues that exposed one or two problems in
different ways.

Has upstream managed to track MOPS-2010-022 down to a proper fix
already?  That one was not fixed in 5.3.3.  I'm also wondering whether
the case pointed out in MOPS-2010-024 was not addressed in phar commit
intentionally.

-- 
Tomas Hoger / Red Hat Security Response Team
