Doc Bug #64360 Premature vulnerability disclosure in changelog
Submitted: 2013-03-05 19:04 UTC
Modified: 2013-06-16 23:45 UTC
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: sarciszewski at knights dot ucf dot edu
Assigned: stas
Status: Closed
Package: Documentation problem
PHP Version: Irrelevant
OS: Any
Private report: No
CVE-ID: None
 [2013-03-05 19:04 UTC] sarciszewski at knights dot ucf dot edu
Description:
------------
https://github.com/php/php-src/blob/php-5.4.13RC1/NEWS

Versus

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643

In the future, please do not go into detail for a CVE until the patch is released. Even though you guys know, it might as well be a 0day to me because I run 5.4.12 (current stable).

Test script:
---------------
N/A

Expected result:
----------------
- SOAP
  . Fixed security bug (CVE-2013-1635). (Dmitry)
  . Fixed security bug (CVE-2013-1643). (Dmitry)

Actual result:
--------------
- SOAP
  . Added check that soap.wsdl_cache_dir conforms to open_basedir
    (CVE-2013-1635). (Dmitry)
  . Disabled external entities loading (CVE-2013-1643). (Dmitry)

 [2013-06-16 23:45 UTC] stas@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: stas
 [2013-06-16 23:45 UTC] stas@php.net
We'll take it into consideration, thanks.
Last updated: Wed Nov 27 03:01:29 2024 UTC