Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTinHDiQnJuZYoL_31iURYv_cpPW=QhTouPX_CAjE@mail.gmail.com>
Date: Wed, 8 Dec 2010 08:56:02 +0100
From: Pierre Joye <pierre.php@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900)

hi,

The CVE # has been added to the changes log too.

http://svn.php.net/viewvc?view=revision&revision=306036

On Mon, Dec 6, 2010 at 6:15 PM, Vincent Danen <vdanen@...hat.com> wrote:
> I haven't seen a CVE request for this already, and can't find a CVE name
> if one has been assigned.
>
> CERT has a bulletin up regarding a DoS in the getSymbol() function
> (integer overflow vulnerability):
>
> http://www.kb.cert.org/vuls/id/479900
> http://svn.php.net/viewvc?view=revision&revision=305571
> http://php.net/manual/en/numberformatter.getsymbol.php
>
> Only affects PHP 5.3.x and probably PECL intl >= 1.0.0 as those are the
> only versions with that function.
>
> Does anyone know if a CVE has been assigned to this?  If not, could one
> be assigned?
>
> --
> Vincent Danen / Red Hat Security Response Team



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.