Author: Gina Peter Banyard (Girgias)
Date: 2024-04-24T22:34:52+01:00
Commit:
https://github.com/php/web-php/commit/9d503856dcee89a581f3163285dc4f8f27671b33
Raw diff:
https://github.com/php/web-php/commit/9d503856dcee89a581f3163285dc4f8f27671b33.diff
Add missing words + markup again
Changed paths:
M archive/entries/2024-04-24-1.xml
Diff:
diff --git a/archive/entries/2024-04-24-1.xml b/archive/entries/2024-04-24-1.xml
index a378b76602..94ec2e1dc8 100644
--- a/archive/entries/2024-04-24-1.xml
+++ b/archive/entries/2024-04-24-1.xml
@@ -11,8 +11,9 @@
<div xmlns="http://www.w3.org/1999/xhtml";>
<p>Recently, a bug in <strong>glibc</strong> version 2.39 and older (<a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-2961";>CVE-2024-2961</a>) was
uncovered
- where a buffer overflow in character set conversions *to* the
- ISO-2022-CN-EXT character set.</p>
+ where a buffer overflow in character set conversions
<strong>to</strong>
+ the ISO-2022-CN-EXT character set can result in remote code execution.
+ </p>
<p>This specific buffer overflow in glibc is exploitable through PHP,
which uses the iconv functionality in glibc to do character set
@@ -22,7 +23,7 @@
<p>There are numerous reports online with titles like "Mitigating the
iconv Vulnerability for PHP (CVE-2024-2961)" or "PHP Under Attack".
These
- titles are misleading as this is <em>not</em> a bug in PHP itself.</p>
+ titles are misleading as this is <strong>not</strong> a bug in PHP
itself.</p>
<p>Currently there is no fix for this issue, but there is a workaround
described in <a
