Allard Hoeve <allard@byte.nl> wrote on 13 Apr 2006: > Please take note of bugs: > > - #361853: [CVE-2006-0996] phpinfo() Cross Site Scripting > - #361855: [CVE-2006-1494] tempnam() open_basedir bypass > - #361856: [CVE-2006-1608] copy() Safe Mode Bypass I wonder why there was no DSA at all for php4 (or php5) in 2006, though upstream released PHP 4.4.3 and 4.4.4 containing security fixes... -thh