Summary: | dev-php/{mod_php|php} Possible local safedir restriction bypass | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | New packages | Assignee: | PHP Bugs <php-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/archive/1/413596/30/0/threaded | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-10-17 22:57:42 UTC
Note: PHP devs do not consider basedir bypass using extensions as security vulnerabilities. See bug 69643 for another example... Safedir is not safe -> reassigning to php-bugs. Fixed in CVS with the latest revisions of all PHP packages. For new-style PHP: dev-lang/php-4.3.11-r3 dev-lang/php-4.4.0-r3 dev-lang/php-4.4.1 dev-lang/php-5.0.4-r3 dev-lang/php-5.0.5-r3 For old-style PHP: dev-php/php-4.3.11-r3 dev-php/php-4.4.0-r3 dev-php/php-cgi-4.3.11-r4 dev-php/php-cgi-4.4.0-r4 dev-php/mod_php-4.3.11-r3 (old-style Apache config layout) dev-php/mod_php-4.4.0-r6 (old-style Apache config layout) dev-php/mod_php-4.4.0-r7 (new-style Apache config layout) Best regards, CHTEKK. |