[php-maint] Bug#336645: PHP 4.4.1 fixes security bugs
Florian Weimer
fw at deneb.enyo.de
Mon Oct 31 18:14:55 UTC 2005
Package: php4
Tags: security
Severity: grave
The Hardened-PHP project has disclosed several security
vulnerabilites:
<http://www.hardened-php.net/advisory_182005.77.html>
<http://www.hardened-php.net/advisory_192005.78.html>
<http://www.hardened-php.net/advisory_202005.79.html>
<http://www.hardened-php.net/globals-problem>
The "globals problem" appears to be somewhat nasty. It is not clear
if it applies to stable's 4.3.10 version because the security feature
which turned out to be buggy was introduced in 4.3.11, according to
the fourth link above. (Maybe PHP before 4.3.11 is vulnerable to some
other issue; I don't know.)
As usual, the 4.4.1 release might fix additional security bugs for
which no explicit advisories are released.
More information about the pkg-php-maint
mailing list