Re: php vulnerability
I am also worrying about these vulnerabilities.btw I
am using debian php package(4.1.2) on woody.
How do I sure that I am out of danger?
--- Florian Weimer <email@example.com> wrote:
> * Chad Adlawan:
> > Re the PHP bugs announced by the Hardened-PHP
> This is very likely not the whole story. According
> to the PHP 4.3.10
> release announcement, additional bugs were fixed.
> The following
> vulnerabilities are only mentioned in the 4.3.10
> release notes:
> CAN-2004-1018 - shmop_write() out of bounds memory
> write access.
> CAN-2004-1020 - addslashes() not escaping \0
> CAN-2004-1065 - exif_read_data() overflow on long
> magic_quotes_gpc could lead to one level directory
> traversal with file uploads.
> > Is the php4 package in Debian stable affected?
> Not sure. Upstream's security support seems to be
> To UNSUBSCRIBE, email to
> with a subject of "unsubscribe". Trouble? Contact
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.