ID: 44299
Updated by: [EMAIL PROTECTED]
Reported By: test_junk at hotmail dot it
-Status: Open
+Status: Assigned
Bug Type: PCRE related
Operating System: All
PHP Version: 4.4.8
-Assigned To:
+Assigned To: nlopess
New Comment:
>From what I can see from their ChangeLog:
1. A character class containing a very large number of characters
with
codepoints greater than 255 (in UTF-8 mode, of course) caused a
buffer overflow.
Which is only an issue for the expression, and not "input" - so this
should only be an issue if you use user-supplied input. Otherwise it's
just a local-developer issue only. Which IMO doesn't warrant a new
release.
Previous Comments:
------------------------------------------------------------------------
[2008-03-01 22:52:54] [EMAIL PROTECTED]
I can upgrade it in CVS, but I'm not sure there will be any further PHP
4 release. Derick can you comment on this?
------------------------------------------------------------------------
[2008-02-29 23:58:05] test_junk at hotmail dot it
Description:
------------
Hello,
PCRE versions prior to 7.6 are affected by a vulnerability:
http://www.securityfocus.com/bid/27786
Unfortunately php 4.4.8 compiled against version 7.6 is unstable, are
you going to fix this issue?
Thanks
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=44299&edit=1
