* Chad Adlawan:

> Re the PHP bugs announced by the Hardened-PHP Project
> (http://www.hardened-php.net/advisories/012004.txt).

This is very likely not the whole story. According to the PHP 4.3.10 release announcement, additional bugs were fixed. The following vulnerabilities are only mentioned in the 4.3.10 release notes:

  CAN-2004-1018 - shmop_write() out of bounds memory write access.
  CAN-2004-1020 - addslashes() not escaping \0 correctly.
  CAN-2004-1065 - exif_read_data() overflow on long sectionname.
  magic_quotes_gpc could lead to one level directory traversal with file uploads.

> Is the php4 package in Debian stable affected?

Not sure. Upstream's security support seems to be suboptimal.

