[0x721427d8@gmail.com: [php<=5.4.3] Parsing Bug in PHP PDO
 prepared statements may lead to access violation]
    Felipe Pena 
    felipensp at gmail.com
       
    Tue Jun 12 17:55:18 UTC 2012
    
    
  
Hi,
2012/6/12 Jason Hellenthal <jhellenthal at dataix.net>:
[...]
>
> Timeline:
> ---------
> * 2012 Feb   - Discovered in 5.3.8, verified for 5.3.0/5.3.10 and 5.4.0
> * 2012 March - Responsible Disclosure via SSD/BeyondSecurity
> * 2012 April - Patch available 2012-04-19
> * 2012 May/June - No trace of bugfix in svn for 5.3/5.4/trunk although
> mentioned in bugref #61755
> * 2012 June  - No trace of bugfix in svn for 5.3/5.4/trunk, code ...
> * 2012 June  - public disclosure
>
No trace of bugfix in June? It has been fixed in Apr.
http://git.php.net/?p=php-src.git;a=commitdiff;h=1b78aef426a8f413ddd70854eb3fd5fbc95ef675
-- 
Regards,
Felipe Pena
    
    
More information about the freebsd-security
mailing list