[php-maint] Bug#443899: Bug#443899: php-pear: CVE-2007-2519: PEAR installer arbitrary code execution vulnerability
Steve Langasek
vorlon at debian.org
Mon Sep 24 22:07:55 UTC 2007
severity 443899 important
quit
On Mon, Sep 24, 2007 at 11:48:41PM +0200, Gregory Colpart wrote:
> Package: php-pear
> Version: 5.2.0-8+etch7
> Severity: grave
> Tags: patch security
Overinflated severity. Yeah, running programs as root that pull input from
untrusted network sources can break things, and? This is still true after
this patch, only with one more level of indirection.
--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                http://www.debian.org/