On Thu, 28 Feb 2002, Darrell May wrote:
> Should we not look to installing http://rpms.arvin.dk/php/rh71/ PHP 4 RPMs
> which states:
>
> The PHP 4.0.6 packages found here should not be vulnerable to the file
> upload security bug because the fix for PHP 4.0.6 has been applied.

As Peter mentioned earlier, the "fix" still has problems. As you probably know, the packaging combinations used in the arvin RPMs are different from those of RedHat, and that causes some complications in converting a system from using one to the other.

I've updated my contrib 4.0.6 RPMs to include both the original PHP fix, and a fix of mine for the problems which have been pointed out in that fix. I haven't verified them to be secure, and they come with no warranty. Use at your own risk.

Mitel recommends that you disable file uploads - so do I.

--
Charlie Brady [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
