
Re: php vulnerability



Hi,
  I am also worried about these vulnerabilities. BTW, I
am using the Debian php package (4.1.2) on woody.
  How can I be sure that I am out of danger?

Sarav


--- Florian Weimer <fw@deneb.enyo.de> wrote:

> * Chad Adlawan:
>
> > Re the PHP bugs announced by the Hardened-PHP Project
> > (http://www.hardened-php.net/advisories/012004.txt).
>
> This is very likely not the whole story.  According to the PHP 4.3.10
> release announcement, additional bugs were fixed.  The following
> vulnerabilities are only mentioned in the 4.3.10 release notes:
>
> CAN-2004-1018 - shmop_write() out of bounds memory write access.
> CAN-2004-1020 - addslashes() not escaping \0 correctly.
> CAN-2004-1065 - exif_read_data() overflow on long sectionname.
> magic_quotes_gpc could lead to one level directory traversal with file uploads.
>
> > Is the php4 package in Debian stable affected?
>
> Not sure.  Upstream's security support seems to be suboptimal.