Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90659 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 36856 invoked from network); 15 Jan 2016 10:37:08 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Jan 2016 10:37:08 -0000 Authentication-Results: pb1.pair.com header.from=julienpauli@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=julienpauli@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.48 as permitted sender) X-PHP-List-Original-Sender: julienpauli@gmail.com X-Host-Fingerprint: 74.125.82.48 mail-wm0-f48.google.com Received: from [74.125.82.48] ([74.125.82.48:37805] helo=mail-wm0-f48.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A6/22-23660-3DBC8965 for ; Fri, 15 Jan 2016 05:37:07 -0500 Received: by mail-wm0-f48.google.com with SMTP id f206so17929876wmf.0 for ; Fri, 15 Jan 2016 02:37:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=/9iiiaZZYbtiRV8n21KIfyWHN6NCgRJkDMX8d+no30k=; b=wcBeifjREkxbjuYq8tNhf3xsK09Mdh2qjllKCe1aSdHJwkq/nXIDSf6cAe5z+G/yCO HubeS5aBYgxwxmlzKVXSL8DFn9I9N7BqkONAMLFeuN+l3RsXITB2/CvNDQkILU21XooY dA9VWiLRrAM9txPmEwzqe6XNSrFbPmNuYXiHfS41paVp+M7JuBC7BPYDJZRHIjY3azAO KMgLNfVeBt0ZpJCEzvEvvIZ8LCghN/gk6yQ4MtwMqkkakYTnfDCfjSOxhL7BqPH4YTUZ hB/Lg0MLYdoz4iUcpGO89nD3xAwdZS6YpS0PEa0BypSeOVvEH9n4P3OGxu/AkPDJDHZv aV6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=/9iiiaZZYbtiRV8n21KIfyWHN6NCgRJkDMX8d+no30k=; b=dDv1ByFffI3ACtsnirH06xOPqGR2TjhNT153GwCCHL5kS2K2uWvhVT2Ck1vQxlP6Gj 5L6BITowZsYGFeN39TF2Xkz3m3AhyHUN7ZeumIh5i3UdJoA7iFdxGftR9F6T4HvQUqNc bH3LkABWiTzqeD7lfgD1bjZFo+IVg+EkJ7ANbmxwNrGrwG+Or72NCOeB8myI2q386Ay3 K43aUL30FGhgBVWCuj4pFu0inTQRV5Hjtl4xSviG6/Niz1LsKRZ9q+g+h7ZkjP7M3iXj 5dH/8rN4Rbe9BxzkLT8neWXRkLzcRxtHBBUFi23zR6RRuQLCdp4aOkpgIUKbsNdb4WOM r9QQ== X-Gm-Message-State: ALoCoQm4BkwkDtuha0ZUqOAaZRptSU5D72z/VfPdab7SkQgHCzERrKlwxVk8Dm8jzx4vbbTZxpmW4Ge4FJ6LBI3zzpga3hkbBQ== X-Received: by 10.194.243.103 with SMTP id wx7mr10252021wjc.136.1452854224287; Fri, 15 Jan 2016 02:37:04 -0800 (PST) MIME-Version: 1.0 Sender: julienpauli@gmail.com Received: by 10.194.80.42 with HTTP; Fri, 15 Jan 2016 02:36:24 -0800 (PST) In-Reply-To: References: <56958637.5080807@gmail.com> <5697F7E0.8010803@gmail.com> Date: Fri, 15 Jan 2016 11:36:24 +0100 X-Google-Sender-Auth: uk4k2JP9y78DZV0rg8qMLUmZmww Message-ID: To: Yasuo Ohgaki Cc: Stanislav Malyshev , "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Fixing bug #68063 From: jpauli@php.net (Julien Pauli) On Fri, Jan 15, 2016 at 1:32 AM, Yasuo Ohgaki wrote: > Hi Julien, > > On Fri, Jan 15, 2016 at 9:10 AM, Yasuo Ohgaki wrote: >> >> On Fri, Jan 15, 2016 at 4:32 AM, Stanislav Malyshev wrote: >>> >>>> However, previous my fix (Raise warning and return false) was wrong fix. >>>> Therefore, I would like to correct (Provide new session ID and continue) >>>> it in 5.5 also. Does this make sense? >>> >>> Yes, but nit sure if it's for 5.5. It's for Julian to decide, >>> ultimately, but it doesn't look like 5.5 has a security issue right now >>> with it? Or am I wrong? >> >> No. It does not have security bug, but has wrong fix for the security bug. > > I'll commit the fix from PHP 5.6. If you think this should be included for > PHP 5.5, please cherry pick. I prefer to have this in PHP 5.5, but it's > not mandatory. > > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net Hi, I will cherry pick it for 5.5 , as it is a fix for a security fix. Is it bfb9307b2d679a91e138fd876880470ece60942b ? Julien.Pauli