[Secure-testing-team] Re: Bug#404744: phpMyAdmin,
HTTP response splitting and PHP version
Thijs Kinkhorst
thijs at debian.org
Sat Jan 6 16:05:04 CET 2007
close 404744 4:2.9.1.1-1
tags 404744 -moreinfo +sarge
thanks
Hi Marc,
On Sat, 2007-01-06 at 09:26 -0500, Marc Delisle wrote:
> Problem confirmed while testing on PHP 5.1.0. I'll work on a patch this
> week-end, it will be included in the soon to be released 2.9.2-rc1.
Thanks for your research! I'll make sure to update 2.9.2 in Debian when
it's released, but this is probably too late for Debian Etch though.
In any case, given that the vulnerability does not work with 5.1.2+ and
4.4.2+, we can consider it closed for etch and unstable. I'm therefore
closing this bug with the etch version. Testing security team, please
update the tracker for this.
I'll await Marcs patch to see whether it's relevant for stable.
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070106/866a23b8/attachment.pgp
More information about the Secure-testing-team
mailing list