[php-maint] Bug#336654: CVE-2005-3392 and CVE-2005-3391

Stefan Fritsch sf at sfritsch.de
Sun Nov 27 18:59:09 UTC 2005


CVE-2005-3391:
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to 
bypass safe_mode and open_basedir restrictions via unknown attack 
vectors in (1) ext/curl and (2) ext/gd.

and

CVE-2005-3392:
Unspecified vulnerability in PHP before 4.4.1, when using the virtual 
function on Apache 2, allows remote attackers to bypass safe_mode and 
open_basedir directives.

are also in php5 and are fixed in php 5.1




More information about the pkg-php-maint mailing list