The SQLite functionality in PHP before 5.3.15 allows remote attackers to
bypass the open_basedir protection mechanism via unspecified vectors.

Unspecified vulnerability in the _php_stream_scandir function in the stream
implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown
impact and remote attack vectors, related to an "overflow."
@php, ok to stabilize 5.3.15?
Ack. Please go ahead.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Since 5.4.4 is vulnerable too, ARM still needs to stabilise:
I will add this to the PHP GLSA request and draft.
This issue was resolved and addressed in
GLSA 201209-03 at http://security.gentoo.org/glsa/glsa-201209-03.xml
by GLSA coordinator Sean Amoss (ackle).