Hi, I am also worried about these vulnerabilities. BTW, I am using the Debian PHP package (4.1.2) on woody. How can I be sure that I am out of danger?
Sarav

--- Florian Weimer <[EMAIL PROTECTED]> wrote:

> * Chad Adlawan:
>
> > Re the PHP bugs announced by the Hardened-PHP Project
> > (http://www.hardened-php.net/advisories/012004.txt).
>
> This is very likely not the whole story. According to the PHP 4.3.10
> release announcement, additional bugs were fixed. The following
> vulnerabilities are only mentioned in the 4.3.10 release notes:
>
> CAN-2004-1018 - shmop_write() out of bounds memory write access.
> CAN-2004-1020 - addslashes() not escaping \0 correctly.
> CAN-2004-1065 - exif_read_data() overflow on long sectionname.
> magic_quotes_gpc could lead to one level directory traversal with file uploads.
>
> > Is the php4 package in Debian stable affected?
>
> Not sure. Upstream's security support seems to be suboptimal.

