[php-maint] php4 triage

sean finney seanius at seanius.net
Sat Sep 9 16:02:22 UTC 2006


close 361855 
close 361856
close 361853 
close 361854
close 368592 
close 375643
close 382270
close 370166
close 349260
close 354666
close 354678
close 354685
close 364781
thanks 

the following bugs are all fixed in the latest version of php4 uploaded
last week to sid:

#361855: [CVE-2006-1494] tempnam() open_basedir bypass
#361856: [CVE-2006-1608] copy() Safe Mode Bypass
#361853: [CVE-2006-0996] phpinfo() Cross Site Scripting
#361854: [CVE-2006-1549] PHP allows local users to cause a crash by defining and executing a recursive function.
#368592: php4: CVE-2006-1014 and CVE-2006-1015: argument injection in mb_send_mail function
#375643: SECURITY: CVE-2006-3011: error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2
#382270: CVE-2006-4023: php ip2long function incorrect address validation
#370166: php4-curl: [CVE-2006-2563] PHP cURL Safe_Mode Bypass Vulnerability
#349260: still vulnerable to CVE-2002-1954
#354666: CVE-2005-3388: XSS in PHPInfo
#354678: PHP4 in Sarge appears vulnerable to CVE-2005-3391
#354685: PHP4 in Sarge may be vulnerable to CVE-2005-3054
#364781: php4: segfault in wordwrap() et al. (INFIGO-2006-04-02)

fixes in the sarge version will be coming for a subset of these in the
near future.

	sean