ID: 44299
Updated by: [EMAIL PROTECTED]
Reported By: test_junk at hotmail dot it
Status: Assigned
Bug Type: PCRE related
Operating System: All
PHP Version: 4.4.8
-Assigned To: nlopess
+Assigned To: derick
New Comment:
Yes, that's true. This is only a problem if the program uses
user-supplied regexes.
I think that the most problematic thing was the pcre 7.0 BC break, that
was later fixed in 7.2 (we still bundle 7.0).
Anyway, Derick please reassign the bug report to me again if you want
me to upgrade pcre or close it otherwise. I can always upgrade PCRE
later if you decide to make a new release for some other reason.
Previous Comments:
------------------------------------------------------------------------
[2008-03-03 08:17:02] [EMAIL PROTECTED]
From what I can see from their ChangeLog:
1. A character class containing a very large number of characters with
codepoints greater than 255 (in UTF-8 mode, of course) caused a
buffer overflow.
Which is only an issue for the expression, and not "input" - so this
should only be an issue if you use user-supplied input. Otherwise it's
just a local-developer issue only. Which IMO doesn't warrant a new
release.
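The pattern-versus-subject distinction made in this comment, as an added example (not code from the PHP project or from anyone in this thread): user-typed text is compiled as a regex only when the linked PCRE is at least 7.6, and is otherwise matched as a literal. The function and constant names are hypothetical, and the code assumes PHP 5.2.4 or later, where the `PCRE_VERSION` constant exists.

```php
<?php
// Added example; function and constant names are hypothetical.

// Per the report, PCRE releases before 7.6 have the pattern-compile overflow.
define('PCRE_FIXED_IN', '7.6');

// PCRE_VERSION looks like "7.0 18-Dec-2006"; keep the version number only.
function linked_pcre_version()
{
    $parts = explode(' ', PCRE_VERSION);
    return $parts[0];
}

// Turn a user-typed search term into a pattern for preg_match().
// The flaw is triggered while compiling the pattern, so $term is the risky
// argument here; the text being searched (the subject) is not.
function build_search_pattern($term, $wantsRegex, $pcreVersion = null)
{
    if ($pcreVersion === null) {
        $pcreVersion = linked_pcre_version();
    }
    $patched = version_compare($pcreVersion, PCRE_FIXED_IN, '>=');

    // A term containing the delimiter is not compiled as a regex either;
    // it falls through to the literal branch instead of being rewritten.
    if ($wantsRegex && $patched && strpos($term, '~') === false) {
        return '~' . $term . '~u';   // user regex compiled as written
    }
    // Literal fallback: preg_quote() escapes [, ], \ and the delimiter, so
    // the user cannot introduce a character class at all.
    return '~' . preg_quote($term, '~') . '~u';
}

// Constructed sample input: the same term under an old and a fixed version.
$subject = 'search me';
foreach (array('7.0', '7.6') as $version) {
    $pattern = build_search_pattern('[a-z]+', true, $version);
    echo $version, ' => ', $pattern, ' => ', preg_match($pattern, $subject), "\n";
}
```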
------------------------------------------------------------------------
[2008-03-01 22:52:54] [EMAIL PROTECTED]
I can upgrade it in CVS, but I'm not sure there will be any further PHP
4 release. Derick can you comment on this?
------------------------------------------------------------------------
[2008-02-29 23:58:05] test_junk at hotmail dot it
Description:
------------
Hello,
PCRE versions prior to 7.6 are affected by a vulnerability:
http://www.securityfocus.com/bid/27786
Unfortunately php 4.4.8 compiled against version 7.6 is unstable, are
you going to fix this issue?
Thanks
------------------------------------------------------------------------