On Wed, Mar 06, 2002 at 10:24:49AM -0600, Ari Novikoff <[EMAIL PROTECTED]> wrote: > Good morning all! > > I was just checking out some info on the PHP vulnerabilities and found a few > things. > > 1) There is a patch release to PHP 4.1.2 which apparently addresses the PHP > vulnerabilities
Unfortunately, it doesn't. If you can ignore the animosity in the discussion, the problems are described in http://bugs.php.net/bug.php?id=15772 Essentially, the working fix is in CVS for PHP 4.2.0, but we can't have it until they decide to release 4.2.0. Have I mentioned how much I love PHP? :-) > Has anyone (Dan Brown? Darrell May?) been poking around with the PHP 4.1.2 > patch available at http://www.php.net/downloads.php ? We're in the process of preparing an update which uses our own patch instead of the broken PHP.net patch. Cheers, -Rich -- ------------------------------ Rich Lafferty --------------------------- Technical Support Engineer, Network Server Solutions Group Mitel Networks, Ottawa, ON (613) 751-4404 ---------------------------- [EMAIL PROTECTED] ------------------------ -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
