[php-maint] Bug#559787: php4: CVE-2008-5624
michael.s.gilbert at gmail.com
Mon Dec 7 03:17:57 UTC 2009
the following CVE (Common Vulnerabilities & Exposures) id was
published for php4.
| PHP 5 before 5.2.7 does not properly initialize the page_uid and
| page_gid global variables for use by the SAPI php_getuid function,
| which allows context-dependent attackers to bypass safe_mode
| restrictions via variable settings that are intended to be restricted
| to root, as demonstrated by a setting of /etc for the error_log
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
More information about the pkg-php-maint