Edit report at https://bugs.php.net/bug.php?id=55475&edit=1
ID: 55475 Updated by: ala...@php.net Reported by: mads at gartneriet dot dk Summary: is_a() triggers autoloader Status: Assigned Type: Bug Package: Scripting Engine problem PHP Version: 5.3.7 Assigned To: dmitry Block user comment: N Private report: N CVE-ID: 2011-3379 New Comment: Any comments on 5.4.* It seems like applying the 5.3 fix to 5.4 is the only option here, as there is no 'reasonable' way to flag the previous behavior as E_DEPRECIATED that works well as both forward and backward compatible. Previous Comments: ------------------------------------------------------------------------ [2011-09-27 18:36:55] paj...@php.net Add CVE # ------------------------------------------------------------------------ [2011-09-27 09:35:31] ala...@php.net Automatic comment from SVN on behalf of alan_k Revision: http://svn.php.net/viewvc/?view=revision&revision=317382 Log: document fix for #55475 in NEWS ------------------------------------------------------------------------ [2011-09-26 19:57:09] paj...@php.net that's what I meant. ------------------------------------------------------------------------ [2011-09-26 19:54:23] henri at nerv dot fi CVE already requested with A LOT of conversation: http://www.openwall.com/lists/oss-security/2011/09/24/2 ------------------------------------------------------------------------ [2011-09-26 19:45:05] paj...@php.net @cipri Please contact secur...@php.net prior to request a CVE, to avoid double requests or confusing information. or mark a bug as security issue so we will catch it (and the sec guys of the linux distro as well) :) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
