[php-maint] Bug#354666: CVE-2005-3388: XSS in PHPInfo

Geoff Crompton geoff.crompton at strategicdata.com.au
Tue Feb 28 00:16:21 UTC 2006

Package: php4
Version: 4:4.3.10-16
Severity: normal

A recent security focus newsletter updated this issue which was announced back
in October. However I couldn't find a debian bug report specific to this, and
the changelog in sarge doesn't mention 2005-3388.

I saw it at:
Initial report is at: http://www.securityfocus.com/archive/1/415292.

Discovered by Stefan Esser. Apparently it was fixed in 4.4.1, and 5.1.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages php4 depends on:
ii  libapache-mod-php4           4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-common                  4:4.3.10-16 Common files for packages built fr

-- no debconf information

More information about the pkg-php-maint mailing list