* Carlos Alberto Lopez Perez <clopez@igalia.com> [2012-02-02 14:46]: > On 02/02/12 14:31, Stefan Esser wrote: > > considering the fact that you write this email the very same day that a > > remote code execution vulnerability in PHP is found that is easy to > > exploit from remote and is greatly mitigated by the use of Suhosin you > > look pretty stupid. (In case of usage of Suhosin-Extension in default > > config, it is even completely killed). > > > > Just saying. > > I think that you words are out of tone, there is not need to be unpolite > > > And where is such exploit??? I don't see any CVE > > http://www.cvedetails.com/product/128/PHP-PHP.html?vendor_id=74 The fact that there is no CVE id or that you don't know about it, has nothing to do with something not existing: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ Cheers Nico
Attachment:
pgpa4hl909UeK.pgp
Description: PGP signature