Your message dated Wed, 24 Mar 2010 20:20:17 +0000 (WET)
with message-id <[email protected]>
and subject line Package php4 has been removed from Debian
has caused the Debian Bug report #559787,
regarding php4: CVE-2008-5624
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
559787: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559787
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: php4
Version: 6:4.4.4-8
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for php4.
CVE-2008-5624[0]:
| PHP 5 before 5.2.7 does not properly initialize the page_uid and
| page_gid global variables for use by the SAPI php_getuid function,
| which allows context-dependent attackers to bypass safe_mode
| restrictions via variable settings that are intended to be restricted
| to root, as demonstrated by a setting of /etc for the error_log
| variable.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5624
http://security-tracker.debian.org/tracker/CVE-2008-5624
--- End Message ---
--- Begin Message ---
Version: 6:4.4.6-2+rm
You filed the bug http://bugs.debian.org/559787 in Debian BTS
against the package php4. I'm closing it at *unstable*, but it will
remain open for older distributions.
For more information about this package's removal, read
http://bugs.debian.org/428266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any questions.
Thank you for your contribution to Debian.
--
Marco Rodrigues
--- End Message ---