[php-maint] Bug#605391: Bug#605391: Patch for CVE-2010-3436 breaks open_basedir
Ondřej Surý
ondrej at debian.org
Tue Nov 30 11:04:17 UTC 2010
Thanks, I'll prepare updated packages today and send here a link to
the packages, so you can test it before I upload it to unstable (and
testing).
Ondrej
On Tue, Nov 30, 2010 at 11:27, Raoul Bhatia [IPAX] <r.bhatia at ipax.at> wrote:
> On 11/30/2010 11:11 AM, Raoul Bhatia [IPAX] wrote:
>>> the patch which was added cause CVE-2010-3436 breaks configurations.
>>> If you have set:
>>>
>>> open_basedir=/srv/www/
>>>
>>> it breaks. You must now set open_basedir=/srv/www without the ending /.
>>
>> i can confirm this.
>>
>> please fix asap for squeeze.
>
> might
>
> http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=305507&r2=305698
>
> be the fix for this issue?
>
> thanks,
> raoul
> --
> ____________________________________________________________________
> DI (FH) Raoul Bhatia M.Sc. email. r.bhatia at ipax.at
> Technischer Leiter
>
> IPAX - Aloy Bhatia Hava OG web. http://www.ipax.at
> Barawitzkagasse 10/2/2/11 email. office at ipax.at
> 1190 Wien tel. +43 1 3670030
> FN 277995t HG Wien fax. +43 1 3670030 15
> ____________________________________________________________________
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
More information about the pkg-php-maint
mailing list