Re: CVE-2006-4625 Vulnerability not fixed on libapache2-mod-php4.3.10-20
* Etienne Carriere:
> I discovered yesterday that on a server it is possible to override the
> php_admin_value statements. After some research, this corresponds to the
> CVE-2006-4625 vulnerability. I searched in the DSA between Sept 2006 and
> nowadays and I found no quotation about the fixation of the hole for php4.
This is just an issue with untrusted PHP scripts. Debian security
support does not extend to this scenario because PHP's "Safe Mode" is
unsafe by design.