paul Posted November 10, 2010 Report Share Posted November 10, 2010 A vulnerability was discovered and corrected in libmbfl (php): * Fix bug #53273 (mb_strcut() returns garbage with the excessive length parameter) (CVE-2010-4156). The updated packages have been patched to correct these issues. Update: The MDVSA-2010:225 advisory used the wrong patch to address the problem, however it did fix the issue. This advisory provides the corect upstream patch. Link to comment Share on other sites More sharing options...
Recommended Posts