On 2016-08-23 19:56, Thorsten Alteholz wrote:
Hi Jan,
Hi Thorsten,
do you know whether there has been a CVE assigned for these bugs
already? As far as I can see there is none yet.
Nope, not a clue. All I have to go by is PHP's security announcement
(http://php.net/releases/5_6_25.php) and
Hi Ola,
On Tue, Aug 23, 2016 at 08:39:29AM +0200, Ola Lundqvist wrote:
> Hi Guido
>
> Brian wrote in his mail that he had not tried to reproduce the crash.
> Quote:
> "...although I don't have any exploits test it with."
There are exploits mentioned in the paper. I think we should test them
befor
Hi Jan,
On Tue, 23 Aug 2016, Jan Ingvoldstad wrote:
It looks as if the patches for unserializing and session handling are
relevant, possibly others:
https://bugs.php.net/bug.php?id=70436
https://bugs.php.net/bug.php?id=72681
do you know whether there has been a CVE assigned for these bugs al
On Tue, Aug 23, 2016 at 03:19:39PM +0200, Jan Ingvoldstad wrote:
> Hi,
>
> PHP 5.6.25 was released a few days ago, and it seems as if some of the
> issues are relevant to PHP 5.4 as well.
>
> It looks as if the patches for unserializing and session handling are
> relevant, possibly others:
>
> h
Hi,
PHP 5.6.25 was released a few days ago, and it seems as if some of the
issues are relevant to PHP 5.4 as well.
It looks as if the patches for unserializing and session handling are
relevant, possibly others:
https://bugs.php.net/bug.php?id=70436
https://bugs.php.net/bug.php?id=72681
H
