oss-sec mailing list archives
Re: CVE request: PHP MOPS-2010-56..60
From: Pierre Joye <pierre.php () gmail com>
Date: Fri, 20 Aug 2010 18:45:47 +0200
On Fri, Aug 20, 2010 at 1:24 PM, Pierre Joye <pierre.php () gmail com> wrote:
On Fri, Aug 20, 2010 at 1:00 PM, Tomas Hoger <thoger () redhat com> wrote:On Fri, 20 Aug 2010 12:38:31 +0200 Pierre Joye wrote:MOPS-2010-056 - MOPS-2010-060 as subject indicates. Those are mysqlnd issues and session serializer issue allowing data injection. Not any from that set of interruption issues that exposed one or two problems in different ways.As far as I can tell and see, both the mysqlnd and session issues have been fixed.Raphael posted commit links earlier in this thread.Phar: http://svn.php.net/viewvc?view=revision&revision=298667I'm aware of that commit. It does not change php_stream_wrapper_log_error invocation from phar_stream_flush, as mentioned in MOPS-2010-024: http://svn.php.net/viewvc/php/php-src/trunk/ext/phar/stream.c?view=markup&pathrev=298667#l471 Hence the question if there is some less obvious change that make that particular cases non-issue too.I miss that part, thanks for pointing me to it. I will commit a fix later today.
Done: http://svn.php.net/viewvc?view=revision&revision=302565 Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- Re: CVE request: PHP MOPS-2010-56..60, (continued)
- Re: CVE request: PHP MOPS-2010-56..60 Moritz Muehlenhoff (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Moritz Muehlenhoff (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 pierre.php () gmail com (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Thomas Biege (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Josh Bressers (Aug 25)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)