[php-maint] Bug#391586: additional information available

debian-bts at spamblock.netzgehirn.de debian-bts at spamblock.netzgehirn.de
Mon Oct 9 11:50:27 CEST 2006

There is new information about this bug available and it looks even more
serious than before now.

See Hardened-PHP Project security advisory at

Affected: PHP 5 <= 5.1.6, PHP 4 < 4.3.0

The bug can be triggered when user input is passed to the unserialzie()
function, e.g. via a cookie.

The Hardened-PHP Project will release a proof of concept exploit
for this vulnerability after the release of PHP 5.2.0 has happened
and a few weeks have passed.

More information about the pkg-php-maint mailing list