[php-maint] Bug#443899: Bug#443899: php-pear: CVE-2007-2519: PEAR installer arbitrary code execution vulnerability

Steve Langasek vorlon at debian.org
Mon Sep 24 22:07:55 UTC 2007

severity 443899 important

On Mon, Sep 24, 2007 at 11:48:41PM +0200, Gregory Colpart wrote:
> Package: php-pear
> Version: 5.2.0-8+etch7
> Severity: grave
> Tags: patch security

Overinflated severity.  Yeah, running programs as root that pull input from
untrusted network sources can break things, and?  This is still true after
this patch, only with one more level of indirection.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

More information about the pkg-php-maint mailing list