Re: PHP Update .. details
Initially a few CVE numbers were assigned and then later withdrawn when it
became clear that the issues could only be exploited by a user who wrote a
malicious PHP script - not a remote issue, or too serious. (Given that if
you had the ability to write evil PHP code you could just run 'system('rm
Just would like to draw your attention to the following page:
Basically, they claim that phpBB v2.0.11 running on PHP version < 4.3.10
becomes remotely vulnerable, and they claim there are exploits in the wild
-- which backs their claim, and makes it definitely a serious issue.
When PHP is upgraded to 4.3.10, it's no longer vulnerable.
Being a layman, I'm not able to confirm that claim. However, given the fact that
this is an official announcement from them, I think it's worth reading over.
Hopefully Debian security team will be convinced to patch php4 package then.