[php-maint] Bug#546164: Bug#546164: Already fixed
Raphael Geissert
geissert at debian.org
Sat Oct 3 20:23:46 UTC 2009
found 546164 5.2.11.dsfg.1-1
severity 546164 important
tag 546164 security
thanks
On Wednesday 23 September 2009 02:22:45 sean finney wrote:
> Version: 5.2.11.dsfg.1-1
>
> hi federico,
>
> On Wed, Sep 23, 2009 at 08:58:29AM +0200, Federico Gimenez Nieto wrote:
> > This seems to be fixed after the upload of 5.2.11.dsfg.1-1.
>
> great, thanks for letting us know. it's a bit odd since i don't think
> we did anything explicitly for this, nor was there anything in the
> upstream changelog mentioning the problem/fix... but hey, i'll take a
> free fix :)
>
Nah, it was not fixed. It stopped being an RC issue because the tmpdir path is
now set to something under /tmp, which an unprivileged user can create. I
have a patch to work around it by restoring the value originally set by
PEAR::Config, but this still doesn't solve the real issue (and it is also
open to symlink attacks[1]).
[1] I don't remember the exact test conditions I used to test the symlink
attack, though, as I did it in a rush.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net