Date: Tue, 12 Jun 2012 14:54:56 -0300 From: Felipe Pena <felipensp@gmail.com> To: Jason Hellenthal <jhellenthal@dataix.net> Cc: freebsd-security@freebsd.org, freebsd-ports@freebsd.org Subject: Re: [0x721427d8@gmail.com: [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation] Message-ID: <CA%2B5g0SJ-Xr=HMc_gC4oKp9_LgRX_S29KmVOKkKo8cUCif=m%2B1A@mail.gmail.com> In-Reply-To: <20120612173958.GA78172@DataIX.net> References: <20120612173958.GA78172@DataIX.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, 2012/6/12 Jason Hellenthal <jhellenthal@dataix.net>: [...] > > Timeline: > --------- > * 2012 Feb =C2=A0 - Discovered in 5.3.8, verified for 5.3.0/5.3.10 and 5.= 4.0 > * 2012 March - Responsible Disclosure via SSD/BeyondSecurity > * 2012 April - Patch available 2012-04-19 > * 2012 May/June - No trace of bugfix in svn for 5.3/5.4/trunk although > mentioned in bugref #61755 > * 2012 June =C2=A0- No trace of bugfix in svn for 5.3/5.4/trunk, code ... > * 2012 June =C2=A0- public disclosure > No trace of bugfix in June? It has been fixed in Apr. http://git.php.net/?p=3Dphp-src.git;a=3Dcommitdiff;h=3D1b78aef426a8f413ddd7= 0854eb3fd5fbc95ef675 --=20 Regards, Felipe Pena
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2B5g0SJ-Xr=HMc_gC4oKp9_LgRX_S29KmVOKkKo8cUCif=m%2B1A>