Matt Graham wrote:
Hello, list. A few days ago, a security scan said that our machines
that were running PHP had potential vulnerability CVE-2008-2829, a
buffer overflow in rfc822_write_address(). Discussions about this
are relatively easy to find with Google, but check out
http://bugs.php.net/bug.php?id=42862 for a reasonable discussion and
an (unofficial) patch.
I'm just curious as to what other PHP users are doing about the problem,
since Redhat says "meh" even though the company doing the security
scan says "OMG PANIC!!1!" Let me know what you guys think. Thanks,

It doesn't look that dangerous to me; I'd personally rather side with
Redhat in their "meh" than with the security-scan-company's "OMG
PANIC!!1!". If you want the patch to appear in the next version of PHP
(5.2.3), make some noise about it on the internals list. Ask around why
it hasn't been applied until one of the devs gets so annoyed with you
spamming him with it that he'll either apply it (thus getting it into
the next release) or tell you what's wrong with it so you'll finally
leave him alone.
A simple solution :)
- Tul
P.S. note: the potential vulnerability only occurs if you actually use
the imap functions. If you don't: don't worry, you're still "safe".
--
PHP General Mailing List (http://www.php.net/)
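
The P.S. above ties exposure to whether your code actually calls the imap functions. As an added example (not part of the original thread), this Python heuristic lists `imap_*` call sites in PHP source while ignoring comments and string literals; the sample input is constructed, and heredocs and inline HTML are not handled.

```python
import re
from pathlib import Path

# Comments and string literals are matched first, so imap_* names inside
# them are consumed and never reported. Heuristic: heredocs and inline
# HTML outside <?php ... ?> are not handled.
TOKEN = re.compile(
    r"""
    (?P<skip>
        /\*.*?\*/                 # block comment
      | (?://|\#)[^\n]*           # line comment
      | '(?:\\.|[^'\\])*'         # single-quoted string
      | "(?:\\.|[^"\\])*"         # double-quoted string
    )
  | (?P<call>\bimap_\w+)\s*\(     # call to an imap_* function
    """,
    re.S | re.X | re.I,
)

def find_imap_calls(source):
    """Return [(line_number, function_name)] for imap_* calls in PHP source."""
    hits = []
    for m in TOKEN.finditer(source):
        if m.group("call"):
            line = source.count("\n", 0, m.start("call")) + 1
            hits.append((line, m.group("call").lower()))
    return hits

def scan_tree(root):
    """Map each *.php file under root that calls imap_* to its call sites."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_imap_calls(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample input, not taken from the original thread.
SAMPLE = """<?php
// imap_open() used to be called here
$note = "call imap_mail() later";
$mbox = imap_open($server, $user, $pass);
/* imap_close($mbox); */
echo imap_rfc822_write_address($u, $h, $p);
"""

if __name__ == "__main__":
    print(find_imap_calls(SAMPLE))
```

An empty result from `scan_tree()` over the application's source directory means no direct `imap_*` calls were found by this heuristic; it does not inspect code loaded dynamically or third-party libraries outside the scanned tree.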