On 9/18/07, Pierre Habouzit <[EMAIL PROTECTED]> wrote:
> tag 442250 + wontfix
> thanks
see
http://sourceware.org/bugzilla/show_bug.cgi?id=5043
--
http://www.kissofjudas.net/
ah, so it's a glibc issue then? istr a similar thing come up with truetype
fonts that ended up being a bug in the tr1 lib, but because the PoC used php
it was classified as a php vulnerability. if it's the same case here then i
think the onus is on glibc...
I've just committed a patch for that
tag 442250 + wontfix
thanks
On Tue, Sep 18, 2007 at 09:48:55PM +, sean finney wrote:
> iconv_t
> iconv_open (const char *tocode, const char *fromcode)
> {
> char *tocode_conv;
> char *fromcode_conv;
> size_t tocode_len;
> size_t fromcode_len;
> __gconv_t cd;
> int res;
>
> /* No
hi stanislav,
(hope you don't mind i'm going to cc this off to a few addresses, no need to
keep them cc'd for further correspondence though)
On Tuesday 18 September 2007 10:56:16 pm Stanislav Malyshev wrote:
> > ah, so it's a glibc issue then? istr a similar thing come up with
> > truetype font
ah, so it's a glibc issue then? istr a similar thing come up with truetype
fonts that ended up being a bug in the tr1 lib, but because the PoC used php
it was classified as a php vulnerability. if it's the same case here then i
think the onus is on glibc...
Well, I think we can still impose li
On Tuesday 18 September 2007 09:54:05 pm Stanislav Malyshev wrote:
> > i'm just going through the latest batch of CVE's and it doesn't look like
> > there's a fix for CVE-2007-4840 yet:
>
> It's funny that glibc bug gets listed as PHP issue. But I think we may
> impose limit on charset length for i
i'm just going through the latest batch of CVE's and it doesn't look like
there's a fix for CVE-2007-4840 yet:
It's funny that glibc bug gets listed as PHP issue. But I think we may
impose limit on charset length for iconv.
--
Stanislav Malyshev, Zend Software Architect
[EMAIL PROTECTED] htt
hey guys,
i'm just going through the latest batch of CVE's and it doesn't look like
there's a fix for CVE-2007-4840 yet:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840
Description
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of
service (application c