Message-ID: <email address hidden>
Date: Sun, 09 Jan 2005 11:29:56 +0100
From: Florian Weimer <email address hidden>
To: Martin Schulze <email address hidden>
Cc: Pekka Savola <email address hidden>, <email address hidden>, <email address hidden>
Subject: Re: A backport of PHP fixes for 4.1.2

* Martin Schulze:
>> Security Fixes (OpenPKG-2004.053-php):
>>
>> o CAN-2004-1018:
>> shmop_write() out of bounds memory write access.
>> (ext/shmop/shmop.c)
>
> Withdrawn, not considered as vulnerability since it would require
> a malicious script and you can do more evil things much easier with
> a malicious script.

Huh? What about safe_mode? Does CVE officially declare safe_mode as
fundamentally insecure?