[php-maint] Bug#336654: CVE-2005-3392 and CVE-2005-3391
Stefan Fritsch
sf at sfritsch.de
Sun Nov 27 18:59:09 UTC 2005
CVE-2005-3391:
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to
bypass safe_mode and open_basedir restrictions via unknown attack
vectors in (1) ext/curl and (2) ext/gd.
and
CVE-2005-3392:
Unspecified vulnerability in PHP before 4.4.1, when using the virtual
function on Apache 2, allows remote attackers to bypass safe_mode and
open_basedir directives.
are also in php5 and are fixed in php 5.1
More information about the pkg-php-maint
mailing list