Dear debian-security, Please take note of bugs: - #361853: [CVE-2006-0996] phpinfo() Cross Site Scripting - #361855: [CVE-2006-1494] tempnam() open_basedir bypass - #361856: [CVE-2006-1608] copy() Safe Mode Bypass All of which seem to affect sarge. Regards, Allard Hoeve