[php-maint] Re: research for recent PHP security vulnerabilities
seanius at debian.org
Thu Sep 7 22:07:18 UTC 2006
On Thu, 2006-09-07 at 22:25 +0200, Moritz Muehlenhoff wrote:
> What about CVE-2006-0931? This seems to come from php-pear from
> the php4 source package.
I believe the consensus was that this is not a vulnerability in
php4/pear, but in any application that doesn't check input tarfiles
for sanity before extracting them. An analog would be a webform taking
an upload file and a path, and not checking the path for stuff like
".." before putting it there.
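The sanity check described in the message above, as an added example that is not part of the original message or of PEAR: Python code that lists the tar members an application should refuse before extracting, using the same path test that applies to the webform upload case. The function names, the /srv/unpack and /srv/uploads directories and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import tarfile


def resolves_inside(base, name):
    """True if base/name is still inside base once '..' and absolute paths are resolved."""
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) == base


def rejected_members(archive_bytes, dest):
    """Names of tar members that should not be extracted into dest."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar.getmembers():
            if m.issym():    # symlink target is relative to the link's own directory
                target = os.path.join(os.path.dirname(m.name), m.linkname)
            elif m.islnk():  # hard link target is relative to the archive root
                target = m.linkname
            else:
                target = m.name
            # Only regular files, directories and links are accepted at all.
            plain = m.isreg() or m.isdir() or m.issym() or m.islnk()
            if not (plain and resolves_inside(dest, m.name)
                    and resolves_inside(dest, target)):
                bad.append(m.name)
    return bad


def build_sample():
    """Constructed sample archive: one ordinary member, three that escape."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../../outside.txt", "/tmp/abs.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    print(rejected_members(build_sample(), "/srv/unpack"))
```

An application would refuse the whole archive when the returned list is non-empty, rather than extracting the remaining members.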