Re: php 5.2.6 Security Fixes
Hi Moritz,
> http://www.php.net/ChangeLog-5.php lists several security fixes which are
> included in upstream PHP 5.2.6:
Thanks, there are two more, which I found and which I just commited to
the tracker:
+CVE-2008-XXXX [php integer overflow in printf]
+ - php5 <unfixed>
+ NOTE: http://www.php.net/ChangeLog-5.php
+ NOTE: Needs further details or digging in SVN
+CVE-2008-XXXX [php suboptimal seeding]
+ - php5 <unfixed> (low)
+ - php4 <unfixed> (low)
+ NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
+ NOTE: I don't believe we need to address this, likely no-dsa, but needs further checking
Cheers,
Moritz
Reply to: