[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

* Carlos Alberto Lopez Perez <clopez@igalia.com> [2012-02-02 14:46]:
> On 02/02/12 14:31, Stefan Esser wrote:
> > considering the fact that you write this email the very same day that a 
> > remote code execution vulnerability in PHP is found that is easy to 
> > exploit from remote and is greatly mitigated by the use of Suhosin you 
> > look pretty stupid. (In case of usage of Suhosin-Extension in default 
> > config, it is even completely killed).
> > 
> > Just saying.
> I think that you words are out of tone, there is not need to be unpolite
> And where is such exploit??? I don't see any CVE
> http://www.cvedetails.com/product/128/PHP-PHP.html?vendor_id=74

The fact that there is no CVE id or that you don't know about it, has nothing 
to do with something not existing:


Attachment: pgpa4hl909UeK.pgp
Description: PGP signature

Reply to: