Re: [Full-disclosure] PHP: Calendar Buffer Overflow

From: Stefan Esser (sesser_at_php.net)
Date: 06/28/05

    Date: Tue, 28 Jun 2005 13:05:57 +0200
    To: Martin Pitt <martin.pitt@canonical.com>
    
    

    Martin Pitt wrote:

    >Of course that is a bug that should be fixed in CVS head, but I think
    >it's not exploitable, so it does not require a security update as far
    >as I can see.
    >
    >
    This bug was fixed in the PHP CVS 16 months ago for the PHP 5 branch, but
    was not committed to the PHP 4_3 branch until 2 months ago. This means the
    fix will be in the upcoming PHP 4.4.

    Greets,
    Stefan Esser
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

