ah, so it's a glibc issue then? istr a similar thing come up with truetype
fonts that ended up being a bug in the tr1 lib, but because the PoC used php
it was classified as a php vulnerabity. if it's the same case here then i
think the onus is on glibc...
I've just committed a patch for that
hi stanislav,
(hope you don't mind i'm going to cc this off to a few addresses, no need to
keep them cc'd for further correspondance though)
On Tuesday 18 September 2007 10:56:16 pm Stanislav Malyshev wrote:
> > ah, so it's a glibc issue then? istr a similar thing come up with
> > truetype font
ah, so it's a glibc issue then? istr a similar thing come up with truetype
fonts that ended up being a bug in the tr1 lib, but because the PoC used php
it was classified as a php vulnerabity. if it's the same case here then i
think the onus is on glibc...
Well, I think we can still impose li
On Tuesday 18 September 2007 09:54:05 pm Stanislav Malyshev wrote:
> > i'm just going through the latest batch of CVE's and it doesn't look like
> > there's a fix for CVE-2007-4840 yet:
>
> It's funny that glibc bug gets listed as PHP issue. But I think we may
> impose limit on charset length for i
i'm just going through the latest batch of CVE's and it doesn't look like
there's a fix for CVE-2007-4840 yet:
It's funny that glibc bug gets listed as PHP issue. But I think we may
impose limit on charset length for iconv.
--
Stanislav Malyshev, Zend Software Architect
[EMAIL PROTECTED] htt
