Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 129314

Summary: dev-lang/php tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2 (CVE-2006-0996)
Product: Gentoo Security Reporter: Jule Slootbeek <jslootbeek>
Component: VulnerabilitiesAssignee: PHP Bugs <php-bugs>
Status: RESOLVED FIXED    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://securityreason.com/achievement_securityalert/36
Whiteboard: B3
Package list:
Runtime testing required: ---
Bug Depends on: 131135    
Bug Blocks:    

Description Jule Slootbeek 2006-04-08 22:09:51 UTC 
as reported by SecurityReason on 2006/04/08

http://securityreason.com/achievement_securityalert/36

php team, please verify
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-04-09 01:12:01 UTC 
The security team does not usually handle safemode or basedir bugs

http://www.php.net/security-note.php
Comment 2 Luca Longinotti (RETIRED) gentoo-dev 2006-05-05 03:35:10 UTC 
Fixed, see bug #131135 for stabilization instructions and then close this when
that one is closed too.
Best regards, CHTEKK.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-05-08 10:40:07 UTC 
Fixed with Bug 131135, closing.