[PHP] rfc822_write_address() / CVE-2008-2829 problem

Date: Mon, 07 Jul 2008 09:37:53 -0700
From: "Matt Graham" <danceswithcrows@xxxxxxx>
Subject: [PHP] rfc822_write_address() / CVE-2008-2829 problem

Hello, list.  A few days ago, a security scan said that our machines 
that were running PHP had potential vulnerability CVE-2008-2829 , a
buffer overflow in rfc822_write_address().  Discussions about this 
are relatively easy to find with Google, but check out
http://bugs.php.net/bug.php?id=42862 for a reasonable discussion and
an (unofficial) patch.

I'm just curious as to what other PHP users are doing about the problem,
since Redhat says "meh" even though the company doing the security
scan says "OMG PANIC!!1!"  Let me know what you guys think.  Thanks,

-- 
The Crow202 Blog:  http://crow202.org/wordpress/
There is no Darkness in Eternity/But only Light too dim for us to see



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Follow-Ups:
- [PHP] Re: rfc822_write_address() / CVE-2008-2829 problem
  - From: M. Sokolewicz

Prev by Date: Re: [PHP] Looking for a reasonable explanation as to why $_REQUEST exists
Next by Date: [PHP] Re: rfc822_write_address() / CVE-2008-2829 problem
Previous by thread: Re: [PHP] Keeping POST values when paging
Next by thread: [PHP] Re: rfc822_write_address() / CVE-2008-2829 problem
Index(es):
- Date
- Thread

lists-archives.org

[PHP] rfc822_write_address() / CVE-2008-2829 problem