Re: PHP4 vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: PHP4 vulnerabilities
From: Thomas Hochstein <ml@ancalgon.inka.de>
Date: Sun, 10 Sep 2006 18:41:00 +0200
Message-id: <[🔎] lds.20060910184104.67@xerxes.akallabeth.de>
References: <60ZUC-622-15@gated-at.bofh.it>

Allard Hoeve <allard@byte.nl> wrote on 13 Apr 2006:

> Please take note of bugs:
> 
> - #361853: [CVE-2006-0996] phpinfo() Cross Site Scripting
> - #361855: [CVE-2006-1494] tempnam() open_basedir bypass
> - #361856: [CVE-2006-1608] copy() Safe Mode Bypass

I wonder why there was no DSA at all for php4 (or php5) in 2006,
though upstream released PHP 4.4.3 and 4.4.4 containing security
fixes...

-thh

Reply to:

Follow-Ups:
- Re: PHP4 vulnerabilities
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 1172-1] New bind9 packages fix denial of service
Next by Date: Re: PHP4 vulnerabilities
Previous by thread: Re: [SECURITY] [DSA 1172-1] New bind9 packages fix denial of service
Next by thread: Re: PHP4 vulnerabilities
Index(es):
- Date
- Thread