[php-maint] Bug#508021: php apache/2 SAPI php_getuid() overload
Raphael Geissert
atomo64 at gmail.com
Sun Dec 7 00:25:44 UTC 2008
Source: php5
Version: 5.2.0-1
Severity: important
Tags: security patch
Hi,
This is the item mentioned in 5.2.7's NEWS:
> - Fixed missing initialization of BG(page_uid) and BG(page_gid),
> reported by Maksymilian Arciemowicz. (Stas)
SecurityReason's advisory can be found at [1], patch at [2].
Note: this issue probably affects php4 as well (apache and apache2 SAPIs).
[1]http://securityreason.com/achievement_securityalert/59
[2]http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20081206/3ab7e174/attachment-0001.pgp
More information about the pkg-php-maint
mailing list