[php-maint] Re: research for recent PHP security vulnerabilities

sean finney seanius at debian.org
Thu Sep 7 22:07:18 UTC 2006


On Thu, 2006-09-07 at 22:25 +0200, Moritz Muehlenhoff wrote:
> What about CVE-2006-0931? This seems to come from php-pear from
> the php4 source package.

i believe the consensus was that this is not a vulnerability in
php4/pear, but in any application that doesn't check input tarfiles
for sanity before extracting them.  an analog would be a webform taking
an upload file and a path, and not checking the path for stuff like
".." before putting it there.


	sean
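
The sanity check described in the message above, as an added example that is not part of the original post or of PEAR's code. It uses Python's standard tarfile module instead of PEAR's Archive_Tar; DEST, the helper names and the sample archive are constructed for illustration. The check is lexical only and does not resolve symlinks that already exist on disk.

```python
import io
import posixpath
import tarfile

DEST = "/srv/uploads"  # hypothetical extraction directory (assumption)

def check_name(name, dest=DEST):
    """Return a reason string if `name` would land outside `dest`, else None."""
    if name.startswith("/"):
        return "absolute path"
    resolved = posixpath.normpath(posixpath.join(dest, name))
    if resolved != dest and not resolved.startswith(dest + "/"):
        return "escapes destination via '..'"
    return None

def unsafe_members(archive, dest=DEST):
    """List (member name, reason) for entries that must not be extracted."""
    problems = []
    for m in archive.getmembers():
        reason = check_name(m.name, dest)
        if reason is None and (m.issym() or m.islnk()):
            # Symlink targets are relative to the link's directory, hard-link
            # targets to the archive root; either can point outside dest.
            base = posixpath.dirname(m.name) if m.issym() else ""
            target_reason = check_name(posixpath.join(base, m.linkname), dest)
            if target_reason:
                reason = "link target: " + target_reason
        elif reason is None and not (m.isfile() or m.isdir()):
            reason = "special file (device or FIFO)"
        if reason:
            problems.append((m.name, reason))
    return problems

def build_sample():
    """Constructed sample archive, built in memory for this example."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../outside.txt", "/tmp/abs.txt",
                     "docs/../../up.txt"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

for name, reason in unsafe_members(build_sample()):
    print(f"REJECT {name!r}: {reason}")
```

An application would refuse the whole archive, or extract nothing from it, whenever unsafe_members() returns a non-empty list.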