Am 08.10.2007 um 10:05 schrieb Christian Hoffmann:

On 2007-10-08 at 05:37 +0200, Robert Buchholz wrote:

On Thursday, 4. October 2007, Christian Hoffmann wrote:
# Christian Hoffmann <[EMAIL PROTECTED]> (04 Oct 2007)
# Outdated (no releases since May 2006), buggy and possibly
vulnerable
# to security problems

Anything security-related you know of or just a wild guess?
Not exactly a wild guess, I just didn't want to make a statement
on whether these are security problems or not:
  * INFILE LOCAL option handling vs. open_basedir or safe_mode
  * A crash inside pdo_pgsql on some non-well-formed SQL queries
(both from php-5.2.4 ChangeLog)

Since the second is only locally invoked* DoS and the first an
ever-beloved workaround for the basedir restriction, we don't
need to say goodbye with a maskglsa.

Thanks,
Robert

* unless someone allows remote users to submit SQL queries... :-)
--
[EMAIL PROTECTED] mailing list

Reply via email to