Thanks, I'll prepare updated packages today and send here a link to the packages, so you can test it before I upload it to unstable (and testing).
Ondrej On Tue, Nov 30, 2010 at 11:27, Raoul Bhatia [IPAX] <r.bha...@ipax.at> wrote: > On 11/30/2010 11:11 AM, Raoul Bhatia [IPAX] wrote: >>> the patch which was added cause CVE-2010-3436 breaks configurations. >>> If you have set: >>> >>> open_basedir=/srv/www/ >>> >>> it breaks. You must now set open_basedir=/srv/www without the ending /. >> >> i can confirm this. >> >> please fix asap for squeeze. > > might > > http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=305507&r2=305698 > > be the fix for this issue? > > thanks, > raoul > -- > ____________________________________________________________________ > DI (FH) Raoul Bhatia M.Sc. email. r.bha...@ipax.at > Technischer Leiter > > IPAX - Aloy Bhatia Hava OG web. http://www.ipax.at > Barawitzkagasse 10/2/2/11 email. off...@ipax.at > 1190 Wien tel. +43 1 3670030 > FN 277995t HG Wien fax. +43 1 3670030 15 > ____________________________________________________________________ > > > > _______________________________________________ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint > -- Ondřej Surý <ond...@sury.org> http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
