i think the buffer overflow is hardly exploitable remotely, since the attacker has to control the arguments of the wordwrap() function. ---> A2 "only". http://www.php.net/release_4_4_3.php : "PHP 4.4.3. Release Announcement The PHP development team is proud to announce the release of PHP 4.4.3. This release combines small number of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible. The security issues resolved include the following: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Improved safe_mode check for the error_log() function. * Fixed cross-site scripting inside the phpinfo() function. * Fixed offset/length parameter validation inside the substr_compare() function. The release also includes about 20 bug fixes and an upgraded PCRE library (version 6.6)."
Forget that, already fixed in 4.4.2-r6 :) thanks to chtekk
