[php-maint] Bug#391586: additional information available
debian-bts at spamblock.netzgehirn.de
debian-bts at spamblock.netzgehirn.de
Mon Oct 9 11:50:27 CEST 2006
There is new information about this bug available and it looks even more
serious than before now.
See Hardened-PHP Project security advisory at
http://www.hardened-php.net/advisory_092006.133.html
Affected: PHP 5 <= 5.1.6, PHP 4 < 4.3.0
The bug can be triggered when user input is passed to the unserialzie()
function, e.g. via a cookie.
"
The Hardened-PHP Project will release a proof of concept exploit
for this vulnerability after the release of PHP 5.2.0 has happened
and a few weeks have passed.
"
More information about the pkg-php-maint
mailing list