----- Forwarded message from Oden Eriksson <oeriksson@mandriva.com> ----- Date: Wed, 14 Aug 2013 10:47:06 +0200 From: Oden Eriksson <oeriksson@mandriva.com> To: oss-security@lists.openwall.com Subject: [oss-security] CVE Request -- php - handling of certs with null bytes User-Agent: KMail/4.10.5 (Linux/3.8.13.4-desktop-1.mga3; KDE/4.10.5; x86_64; ; ) Hello, A similar flaw as in ruby and python was discovered and fixed for php. ruby - CVE-2013-4073 python - CVE-2013-4238 php - CVE-2013-???? http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/[1] Upstream fixes: http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755[2] http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897[3] _https://bugs.mageia.org/show_bug.cgi?id=10997_ Cheers. -------- [1] http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnera... [2] http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933... [3] http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c49... ----- End forwarded message ----- -- Fredrik Rinnestam -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.