mailing list archives
Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 08 Mar 2012 14:05:57 -0700
On 03/08/2012 01:56 PM, Kurt Seifried wrote:
Just looking through http://www.php.net/ChangeLog-5.php#5.4.0
Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
But the blog posting:
has details and it appears to be a security issue. I have emailed
security () php net twice, no response in a week so I'm sending the request
On second look the code doesn't appear to be in PHP 5.3.10 so is it only
in PHP 5.4 betas? Can anyone @php confirm this?
Kurt Seifried Red Hat Security Response Team (SRT)