On Wed, Aug 14, 2013 at 04:35:41PM +0200, Fredrik Rinnestam wrote:
> ----- Forwarded message from Oden Eriksson <oeriks...@mandriva.com> -----
>
> Date: Wed, 14 Aug 2013 10:47:06 +0200
> From: Oden Eriksson <oeriks...@mandriva.com>
> To: oss-secur...@lists.openwall.com
> Subject: [oss-security] CVE Request -- php - handling of certs with null bytes
> User-Agent: KMail/4.10.5 (Linux/3.8.13.4-desktop-1.mga3; KDE/4.10.5; x86_64;
> ; )
>
> Hello,
> A similar flaw as in ruby and python was discovered and fixed for php.
>
> ruby - CVE-2013-4073
> python - CVE-2013-4238
> php - CVE-2013-????
>
> http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/[1]
>
> Upstream fixes:
>
> http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755[2]
>
> http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897[3]
>
> https://bugs.mageia.org/show_bug.cgi?id=10997
>
> Cheers.
>
> --------
> [1] http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
> [2] http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755
> [3] http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897
>
> ----- End forwarded message -----
>
Thanks for the info! Testing new php 5.4.18, which includes a fix for this bug,
right now.

Greetings
Juergen
_______________________________________________
crux-devel mailing list
crux-devel@lists.crux.nu
http://lists.crux.nu/mailman/listinfo/crux-devel