Bug#336645: [php-maint] Bug#336645: More vulnerabilities

Adam Conrad adconrad at 0c3.net
Tue Nov 1 16:01:10 UTC 2005


Moritz Muehlenhoff wrote:
> 
> * Fixed an issue with trailing slashes in allowed basedirs. They
>   were ignored by open_basedir checks, so that specified
>   basedirs were handled as prefixes and not as full directory
>   names. (there doesn't seem to be a CVE assignment yet)

This was assigned CAN-2005-3054, the patch was submitted upstream by me,
and it's been fixed in Sid.  The fix is committed to the sarge branch in
SVN, but as we don't tend to consider open_basedir/safe_mode bypasses as
critical security bugs, I'm rolling up all the current bugfixes and will
be preparing an upload for all of them at once.

... Adam
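The prefix-versus-directory distinction from the quoted changelog entry, as an added example (not PHP's source and not the patch discussed in this thread). Function names and paths are constructed; it assumes paths are already canonicalized and that a basedir written without a trailing slash keeps prefix semantics.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Length of basedir with any trailing slashes dropped ("/" stays "/"). */
static size_t trimmed_len(const char *basedir)
{
    size_t n = strlen(basedir);
    while (n > 1 && basedir[n - 1] == '/')
        n--;
    return n;
}

/* "Before": the trailing slash is ignored, so the basedir is only a
 * string prefix and sibling directories sharing it also match. */
bool allowed_prefix_only(const char *basedir, const char *path)
{
    return strncmp(basedir, path, trimmed_len(basedir)) == 0;
}

/* "After": a basedir ending in '/' names a directory, so the match must
 * stop on a path-component boundary (end of string or '/'). */
bool allowed_directory(const char *basedir, const char *path)
{
    size_t len = strlen(basedir);
    size_t n = trimmed_len(basedir);
    bool dir_only = len > 1 && basedir[len - 1] == '/';

    if (strncmp(basedir, path, n) != 0)
        return false;
    if (!dir_only)
        return true;            /* assumed: no slash keeps prefix semantics */
    return path[n] == '\0' || path[n] == '/';
}

int main(void)
{
    const char *basedir = "/var/www/site/";          /* constructed */
    const char *paths[] = { "/var/www/site/index.php",
                            "/var/www/site-other/secret.txt" };
    for (size_t i = 0; i < 2; i++)
        printf("%-32s prefix_only=%d directory=%d\n", paths[i],
               allowed_prefix_only(basedir, paths[i]),
               allowed_directory(basedir, paths[i]));
    return 0;
}
```
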




More information about the pkg-php-maint mailing list