On Thu, 2003-03-27 at 09:42, Marcus Börger wrote:
> At 19:17 26.03.2003, Martin Jansen wrote:
> >On Wed, 2003-03-26 at 15:29, Antony Dovgal wrote:
> > > I just don't see any reasons to include experimental extensions,
> > > that will cause such "security advisories", into the core distribution.
> >
At 19:17 26.03.2003, Martin Jansen wrote:
On Wed, 2003-03-26 at 15:29, Antony Dovgal wrote:
> I just don't see any reasons to include experimental extensions,
> that will cause such "security advisories", into the core distribution.
> Someone can explain this to me, maybe I'm wrong?
The plan is to
On 26 Mar 2003 19:17:39 +0100
Martin Jansen <[EMAIL PROTECTED]> wrote:
> The plan is to move a lot of extension to PECL, once the
> infrastructure is rock-solid. Please don't ask, when this will happen
> and which extensions will be moved :-).
Yep, I know about this plan.
Ok, I just stated my IMHO
> I thought Siberia is much further, then PECL =)
> By the way, in Russian "PECL" sounds almost like a word, that
> means "hell"..
In German, it sounds like "pimple". I've always been saying
that it was a bad choice.
- Sascha
--
PHP Internals - PHP Runtime Development Mailing List
On 26 Mar 2003 13:10:25 -0500
Sterling Hughes <[EMAIL PROTECTED]> wrote:
> Its a segfault, it will be fixed. Sockets is a standard, and atm very
> widely used and important extension - its not going to
> siberia^H^H^H^Hpecl.
I thought Siberia is much further, then PECL =)
By the way, in Russian "
On Wed, 2003-03-26 at 04:39, Antony Dovgal wrote:
> On Wed, 26 Mar 2003 01:30:11 -0800 (Pacific Standard Time)
> Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
>
> > I don't see how it is in any way exploitable.
> That's what I wanted to say indeed.
>
> IMHO it will be much better to move this extensi
On Wed, 2003-03-26 at 15:29, Antony Dovgal wrote:
> I just don't see any reasons to include experimental extensions,
> that will cause such "security advisories", into the core distribution.
> Someone can explain this to me, maybe I'm wrong?
The plan is to move a lot of extension to PECL, once th
On Wed, 2003-03-26 at 10:39, Antony Dovgal wrote:
> On Wed, 26 Mar 2003 01:30:11 -0800 (Pacific Standard Time)
> Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
>
> > I don't see how it is in any way exploitable.
> That's what I wanted to say indeed.
>
> IMHO it will be much better to move this extensi
On 26 Mar 2003 14:38:36 +0100
Martin Jansen <[EMAIL PROTECTED]> wrote:
> So you are proposing to move sockets to PECL, because the extension
> will not attract that much interest there and thus the possible
> security issues will not be revealed so fast?
> I agree with that up to a certain point,
On 26 Mar 2003 14:38:36 +0100
Martin Jansen <[EMAIL PROTECTED]> wrote:
> So you are proposing to move sockets to PECL, because the extension
> will not attract that much interest there and thus the possible
> security issues will not be revealed so fast?
> I agree with that up to a certain point,
On Wed, 26 Mar 2003 01:30:11 -0800 (Pacific Standard Time)
Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
> I don't see how it is in any way exploitable.
That's what I wanted to say indeed.
IMHO it will be much better to move this extension to PECL and to
avoid such articles, having bad influence on P
It isn't an overflow, in that particular case, but there are other parts
of the sockets extension where negative values can make their way to an
emalloc() call, and I suppose you could call that an integer overflow. I
don't see how it is in any way exploitable.
-Rasmus
On Wed, 26 Mar 2003, Anton
Hello, all
Mordred Labs advisory - Integer overflow in PHP socket_iovec_alloc()
function.
http://www.securitylab.ru/?ID=36819
IMHO it's not integer overflow, but using of nonexisting second
parameter, just try to call:
and you'll get segfault.
Take a look at this part of code:
ext/sockets/so
13 matches
Mail list logo
