[Secure-testing-team] php 5.2.6 Security Fixes
Moritz Muehlenhoff
jmm at inutil.org
Tue May 6 14:47:32 UTC 2008
Hi Moritz,
> http://www.php.net/ChangeLog-5.php lists several security fixes which are
> included in upstream PHP 5.2.6:
Thanks, there are two more, which I found and which I just committed to
the tracker:
+CVE-2008-XXXX [php integer overflow in printf]
+ - php5 <unfixed>
+ NOTE: http://www.php.net/ChangeLog-5.php
+ NOTE: Needs further details or digging in SVN
+CVE-2008-XXXX [php suboptimal seeding]
+ - php5 <unfixed> (low)
+ - php4 <unfixed> (low)
+ NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
+ NOTE: I don't believe we need to address this, likely no-dsa, but needs further checking
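Review bot: the printf integer overflow entry carries only a php5 line, while the seeding entry below it tracks both php5 and php4, so it is unclear whether php4 was checked for the printf issue or just left out. Add a php4 line to the first entry or state in a NOTE that php4 was not examined. In the seeding entry, the "likely no-dsa" assessment lives only in free text while both packages stay at "<unfixed> (low)"; once the further checking is done, record the outcome on the package lines so it does not depend on someone reading the NOTE.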
Cheers,
Moritz