Am 08.10.2007 um 10:05 schrieb Christian Hoffmann:
On 2007-10-08 at 05:37 +0200, Robert Buchholz wrote:
On Thursday, 4. October 2007, Christian Hoffmann wrote:
# Christian Hoffmann <[EMAIL PROTECTED]> (04 Oct 2007)
# Outdated (no releases since May 2006), buggy and possibly
vulnerable
# to security problems
Anything security-related you know of or just a wild guess?
Not exactly a wild guess, I just didn't want to make a statement
on whether these are security problems or not:
* INFILE LOCAL option handling vs. open_basedir or safe_mode
* A crash inside pdo_pgsql on some non-well-formed SQL queries
(both from php-5.2.4 ChangeLog)
Since the second is only locally invoked* DoS and the first an
ever-beloved workaround for the basedir restriction, we don't
need to say goodbye with a maskglsa.
Thanks,
Robert
* unless someone allows remote users to submit SQL queries... :-)
--
[EMAIL PROTECTED] mailing list