oss-sec mailing list archives
Re: possible flaw in widely used strtod.c implementation
From: Pierre Joye <pierre.php () gmail com>
Date: Wed, 5 Jan 2011 20:23:57 +0100
On Wed, Jan 5, 2011 at 5:52 PM, Michael Gilbert <michael.s.gilbert () gmail com> wrote:
The fact that this bug can lead to a denial-of-service in PHP is sufficient to warrant a CVE for PHP, but nothing else (I think). If it can lead to a dos in other apps, then each should get their own CVE (again in my opinion).
I think so too but in any case it would rock if I could get a CVE # asap, we are going to release 5.2.17/5.3.5 tomorrow (packaging now). Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Josh Bressers (Jan 06)
- Re: possible flaw in widely used strtod.c implementation Steven M. Christey (Jan 10)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Feb 01)
- Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)