lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87k6uchw9e.fsf@deneb.enyo.de>
Date: Thu, 30 Sep 2004 12:43:57 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: Stefano Di Paola <stefano.dipaola@...ec.it>
Cc: Bugtraq <bugtraq@...urityfocus.com>,  vulnwatch <vulnwatch@...nwatch.org>
Subject: Re: Php RFC1867 Upload Vuln. POC Released


* Stefano Di Paola:

> Php 4.3.9 and 5.0.2 have been released with the patch for this
> vulnerability, so I've decided to release the POC for this vuln.

Secunia reports that this is PHP issue #28456, which has been fixed in
PHP 4.3.7.  Can you confirm whether these defects are distinct or the
same?  The other issue in the 4.3.9 announcement is called "GPC input
processing fixes", and it seems to be somewhat critical, too.

Is anybody aware of minimal patches relative to PHP 4.3.8 (or earlier
versions)?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ