Message-ID: <4CE34FBC.9090900@redhat.com>
Date: Wed, 17 Nov 2010 09:15:00 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
CC: Pierre Joye <pierre.php@...il.com>
Subject: Re: Re: utf-8 security issue in php - 2 CVEs?

On 11/16/2010 08:40 PM, Pierre Joye wrote:
> hi,
>
> New fixes or improved fixes, even for known flaw, get new CVE #. I was
> not sure about that a couple of months ago, but that's the answer I
> got when I asked about the policy for such cases. I think it makes
> even more sense in this particular flaw.
>

Right, however I am wondering why there is no mention of CVE-2009-5016
in the php NEWS file from the SVN.

It only mentions:
"
- Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the
  number of reported malformed sequences). (CVE-2010-3870) (Gustavo)
"

--
Huzaifa Sidhpurwala / Red Hat Security Response Team