lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 27 May 2005 10:24:43 +0200 (CEST)
From: John GALLET <john.gallet@...adoo.fr>
To: bugtraq@...urityfocus.com
Subject: Re: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service


Hi there,


> An iDEFENSE researcher discovered two problems in the image processing
> functions of PHP, a server-side, HTML-embedded scripting language, of
> which one is present in woody as well.  When reading a JPEG image, PHP
> can be tricked into an endless loop due to insufficient input
> validation.

I don't see anything in the latest change logs, could anyone please point
me to more information about this error ? Is it located in the GD php
extension ?

Sincerely,
JG




Powered by blists - more mailing lists