[VIM] CVE-2013-4635 SndToJewish / SdnToJewish function name

Christey, Steven M. coley at mitre.org
Mon Jun 24 11:24:47 CDT 2013


Apparently a lot of sources are saying the affected function name in CVE-2013-4635 is "SndToJewish".  This may stem from an apparent typo in the original PHP disclosures.

CVE believes that the correct spelling is "SdnToJewish" which can be seen in the jewish.c source code, e.g.:

http://git.php.net/?p=php-src.git;a=blob;f=ext/calendar/jewish.c;h=fcc0e5c0b878ebdd41dfeaecf148b755cd5e6f2d;hb=fcc0e5c0b878ebdd41dfeaecf148b755cd5e6f2d

If you search for "sdn" in http://www.php.net/ChangeLog-5.php, you will see other functions with a similar "Sdn" prefix.  Here, and elsewhere on the Web, SDN is an acronym for "serial day number," which would make sense because the functions are related to date calculations.

- Steve



More information about the VIM mailing list