Hi,

There were three more CVEs[0][1][2] issued for php5.

CVE-2007-5900: PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

CVE-2007-5898: The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

CVE-2007-5899: The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
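As an added example that is not part of the original mail or of PHP's own source, the check that CVE-2007-5899 describes as missing can be shown at application level: a rewriter that adds a hidden variable only to forms whose ACTION is local. The function names, the `$localHost` parameter and the sample page are assumptions made for this illustration.

```php
<?php
// Added illustration; this is not PHP's internal rewriter code.

// True when a form ACTION targets the site itself ($localHost is an assumed
// parameter holding the site's own host name).
function is_local_action(string $action, string $localHost): bool
{
    $action = trim($action);
    if ($action === '') {
        return true;                      // empty ACTION posts back to the current URL
    }
    if (strpos($action, '\\') !== false) {
        return false;                     // browsers may read "\" as "/"; refuse to guess
    }
    $parts = parse_url($action);
    if ($parts === false) {
        return false;                     // unparseable: treat as non-local
    }
    if (!isset($parts['host'])) {
        return !isset($parts['scheme']);  // relative path is local; "mailto:" etc. is not
    }
    return strcasecmp($parts['host'], $localHost) === 0;
}

// Append a hidden name/value field only to forms whose ACTION is local.
function add_var_to_local_forms(string $html, string $name, string $value, string $localHost): string
{
    $field = sprintf(
        '<input type="hidden" name="%s" value="%s" />',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
    $attr = '/\saction\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))/i';
    return preg_replace_callback('/<form\b[^>]*>/i', function (array $m) use ($field, $attr, $localHost) {
        $action = '';
        if (preg_match($attr, $m[0], $a)) {
            $action = html_entity_decode(($a[1] ?? '') . ($a[2] ?? '') . ($a[3] ?? ''), ENT_QUOTES, 'UTF-8');
        }
        return is_local_action($action, $localHost) ? $m[0] . $field : $m[0];
    }, $html);
}

// Constructed sample page: one local form, one posting to another host.
$page = '<form action="/login.php" method="post"></form>'
      . '<form action="http://other.example/collect" method="post"></form>';
echo add_var_to_local_forms($page, 'PHPSESSID', 'constructed-session-id', 'www.example.org'), "\n";
```

Only the first form in the sample receives the hidden field; the form posting to the other host is returned unchanged, so the session identifier is never submitted off-site.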

