[php-maint] Bug https://bugs.php.net/bug.php?id=69646 and more bugs

Ondřej Surý ondrej at sury.org
Mon Jun 15 14:31:24 UTC 2015


Quoting from the bug you have mentioned:

> After some mail exchange with ab at php.net it turns out this issue affects Windows only.

The FTP bug needs the vulnerable code to connect to a malicious FTP server
(or trick the user script into connecting there, and if you allow random
users to connect to random FTP servers, you are probably screwed
anyway), the PgSQL bug needs specially crafted code, and we don't use
the bundled SQLITE library. PHP#69719 would be nice to have, but nothing
that critical (again, passing unsanitized user input into PHP code
is the core of the problem).

We will upgrade PHP to address these issues, but I don't think it
deserves panicking and immediate action.

Cheers,
Ondrej

On Mon, Jun 15, 2015, at 11:23, Harald Hellmuth wrote:
> Dear Debian PHP-Maintainers,
> 
> what about this PHP-Bug
> 
> https://bugs.php.net/bug.php?id=69646
> 
> 
> and further Bugs reported here: http://php.net/ChangeLog-5.php
> 
> in Debian's PHP-Packages
> 
> Thanks
> 
> Sincerely
> 
> Harald Hellmuth
> 
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint


-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server


