[php-maint] Bug#546164: Bug#546164: Already fixed

Raphael Geissert geissert at debian.org
Sat Oct 3 20:23:46 UTC 2009

found 546164 5.2.11.dsfg.1-1
severity 546164 important
tag 546164 security

On Wednesday 23 September 2009 02:22:45 sean finney wrote:
> Version: 5.2.11.dsfg.1-1
> hi federico,
> On Wed, Sep 23, 2009 at 08:58:29AM +0200, Federico Gimenez Nieto wrote:
> > This seems to be fixed after the upload of 5.2.11.dsfg.1-1.
> great, thanks for letting us know.  it's a bit odd since i don't think
> we did anything explicitly for this, nor was there anything in the
> upstream changelog mentioning the problem/fix... but hey, i'll take a
> free fix :)

Nah, it was not fixed. It stopped being an RC issue because the tmpdir path is 
now set to something under /tmp, which an unprivileged user can create. I 
have a patch to workaround it by restoring the value originally set by 
PEAR::Config, but this still doesn't solve the real issue (and it is also 
open to symlink attacks[1]).

[1] I don't remember the exact test conditions I used to test the symlink 
attack, though, as I did it in a rush.

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

More information about the pkg-php-maint mailing list