On Thu, Oct 18, 2007 at 01:58:13AM +0200, Luigi Gangitano wrote:
> Hi Steffen,
> Drupal security advisory SA-2007-023
>
> http://drupal.org/node/184313
>
> redirects this bug to PHP < 4.4.3 and < 5.2.4, so this should not be
> considered a drupal's bug.
The underlying PHP issue has been fixed in DSA 1206. However, even
if it were a vulnerability in drupal it wouldn't fall under the
scope of Debian security updates, since register_globals is not
supported in Debian, see PHP's README.Debian.security.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
