oss-sec mailing list archives

Re: presumptive php sec holes


From: Josh Bressers <bressers () redhat com>
Date: Mon, 12 Oct 2009 12:22:29 -0400 (EDT)

----- "Oden Eriksson" <oeriksson () mandriva com> wrote:

Hello.

Attached are some php patches that to me looks security related
(unknown 
impact). I hope someone with insight can classify and possible assign
CVE 
numbers. The patches were taken from their svn repo, so it's
"official".


Did you contact PHP upstream about these? They're usually quite on the ball
with understanding security flaws, so they are likely the best group to help
you determine what the impact of these are.

-- 
    JB


Current thread: