From: Felipe Pena
Date: Tue, 12 Jun 2012 14:54:56 -0300
To: Jason Hellenthal
Cc: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject: Re: [0x721427d8@gmail.com: [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation]

Hi,

2012/6/12 Jason Hellenthal:
[...]
>
> Timeline:
> ---------
> * 2012 Feb   - Discovered in 5.3.8, verified for 5.3.0/5.3.10 and 5.4.0
> * 2012 March - Responsible Disclosure via SSD/BeyondSecurity
> * 2012 April - Patch available 2012-04-19
> * 2012 May/June - No trace of bugfix in svn for 5.3/5.4/trunk although
> mentioned in bugref #61755
> * 2012 June  - No trace of bugfix in svn for 5.3/5.4/trunk, code ...
> * 2012 June  - public disclosure
>

No trace of bugfix in June? It has been fixed in Apr.
http://git.php.net/?p=php-src.git;a=commitdiff;h=1b78aef426a8f413ddd70854eb3fd5fbc95ef675

-- 
Regards,
Felipe Pena