[php-maint] Bug#375643: SECURITY: CVE-2006-3011: error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2

Steve Langasek vorlon at debian.org
Tue Jun 27 19:17:01 UTC 2006

severity 375643 important

On Tue, Jun 27, 2006 at 01:16:47PM +0200, Christian Hammers wrote:
> Package: php4
> Version: 4.4.2
> Severity: grave
> Justification: security

> The following came through bugtraq, please check if we're affected.

I haven't checked yet whether we're affected (I assume we are actually), but
safe mode bypasses are not regarded as grave security issues by the PHP
maintainers or by the security team.

> On Sun, Jun 25, 2006 at 11:11:34PM -0000, cxib at securityreason.com wrote:
> > [error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2]

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

More information about the pkg-php-maint mailing list