hey guys, i'm just going through the latest batch of CVEs and it doesn't look like there's a fix for CVE-2007-4840 yet:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840

Description

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

http://www.securityfocus.com/archive/1/archive/1/478730/100/0/threaded
http://securityreason.com/securityalert/3122

i took a quick look through CVS and i didn't see anything that looked like a fix. any comments?

thanks,
sean