Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5X91y9vclvjbGwIrGTgD71sJlHk@+m7/7tdAJxmc/SLHlfN7lFkU4CQ>
Date: Wed, 5 Sep 2012 10:19:52 +0400
From: Eygene Ryabinkin <rea-sec@...elabs.ru>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: php header() header injection detection bypass

Tue, Sep 04, 2012 at 03:02:25PM -0400, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > - 5.3.11, https://github.com/php/php-src/blob/704bbb3263d0ec9a6b4a767bbc516e55388f4b0e/main/SAPI.c#L593
> >   has the issue completely fixed
> 
> Note that, in the
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1398 entry, the
> affected versions are "PHP before 5.3.11." (We do know that 5.3.11
> was released about 2 months after 5.4.0.)

Yes, sorry: I seem to be messed two bugs and, as I discovered, was
talking about CVE-2011-1398 in my previous message.
-- 
Eygene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.