Package: php4
Severity: grave
Tags: security
Justification: user security hole
Version 4.4.0 address some memory corruption bugs, apparently resulting
from fairly wide-spread errors in the implementation of reference
counting. These bugs probably can be exploited by malicious PHP scripts
only,
Florian Weimer wrote:
Version 4.4.0 address some memory corruption bugs, apparently resulting
from fairly wide-spread errors in the implementation of reference
counting. These bugs probably can be exploited by malicious PHP scripts
only, and not by specially crafted input to correctly written
* Adam Conrad:
These bugs will likely be addressed for stable by a change in the
security bug policy for stable. Discussions with the security team are
ongoing; a detailed statement should be published soon.
We need a new security policy for something that *may* fix security
bugs? Neat.
3 matches
Mail list logo
