PHP :: Doc Bug #64360 :: Premature vulnerability disclosure in changelog

Premature vulnerability disclosure in changelog

Submitted:

2013-03-05 19:04 UTC

Modified:

2013-06-16 23:45 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

sarciszewski at knights dot ucf dot edu

Assigned:

stas (profile)

Status:

Closed

Package:

Documentation problem

PHP Version:

Irrelevant

OS:

Any

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2013-03-05 19:04 UTC] sarciszewski at knights dot ucf dot edu

Description:
------------
https://github.com/php/php-src/blob/php-5.4.13RC1/NEWS

Versus

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643

In the future, please do not go into detail for a CVE until the patch is released. Even though you guys know, it might as well be a 0day to me because I run 5.4.12 (current stable).

Test script:
---------------
N/A

Expected result:
----------------
- SOAP
  . Fixed security bug (CVE-2013-1635). (Dmitry)
  . Fixed security bug (CVE-2013-1643). (Dmitry)

Actual result:
--------------
- SOAP
  . Added check that soap.wsdl_cache_dir conforms to open_basedir
    (CVE-2013-1635). (Dmitry)
  . Disabled external entities loading (CVE-2013-1643). (Dmitry)

Patches

Add a Patch

Pull Requests

Pull requests:

Eliminate non-existent index notices (phd/1)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-06-16 23:45 UTC] stas@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: stas

[2013-06-16 23:45 UTC] stas@php.net

We'll take it into consideration, thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Jun 13 23:01:32 2024 UTC