On Tuesday 18 September 2007 09:54:05 pm Stanislav Malyshev wrote: > > i'm just going through the latest batch of CVE's and it doesn't look like > > there's a fix for CVE-2007-4840 yet: > > It's funny that glibc bug gets listed as PHP issue. But I think we may > impose limit on charset length for iconv.
ah, so it's a glibc issue then? istr a similar thing come up with truetype
fonts that ended up being a bug in the tr1 lib, but because the PoC used php
it was classified as a php vulnerabity. if it's the same case here then i
think the onus is on glibc...
/me goes to r some tfm and headers...
sean
signature.asc
Description: This is a digitally signed message part.
