Re: [gentoo-dev] Last rites: dev-php5/pecl-pdo*
On 2007-10-08 at 05:37 +0200, Robert Buchholz wrote:
> On Thursday, 4. October 2007, Christian Hoffmann wrote:
> > # Christian Hoffmann [EMAIL PROTECTED] (04 Oct 2007)
> > # Outdated (no releases since May 2006), buggy and possibly vulnerable
> > # to security problems
>
> Anything security-related you know of or just a wild guess?

Not exactly a wild guess, I just didn't want to make a statement on whether these are security problems or not:

* INFILE LOCAL option handling vs. open_basedir or safe_mode
* A crash inside pdo_pgsql on some non-well-formed SQL queries

(both from php-5.2.4 ChangeLog)

That's why I said possibly. :)

--
Christian Hoffmann
Gentoo PHP herd

Re: [gentoo-dev] Last rites: dev-php5/pecl-pdo*
On 08.10.2007 at 10:05, Christian Hoffmann wrote:
> On 2007-10-08 at 05:37 +0200, Robert Buchholz wrote:
> > On Thursday, 4. October 2007, Christian Hoffmann wrote:
> > > # Christian Hoffmann [EMAIL PROTECTED] (04 Oct 2007)
> > > # Outdated (no releases since May 2006), buggy and possibly vulnerable
> > > # to security problems
> >
> > Anything security-related you know of or just a wild guess?
>
> Not exactly a wild guess, I just didn't want to make a statement on whether these are security problems or not:
>
> * INFILE LOCAL option handling vs. open_basedir or safe_mode
> * A crash inside pdo_pgsql on some non-well-formed SQL queries
>
> (both from php-5.2.4 ChangeLog)

Since the second is only locally invoked* DoS and the first an ever-beloved workaround for the basedir restriction, we don't need to say goodbye with a maskglsa.

Thanks,
Robert

* unless someone allows remote users to submit SQL queries... :-)

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-dev] Last rites: dev-php5/pecl-pdo*
On Thursday, 4. October 2007, Christian Hoffmann wrote:
> # Christian Hoffmann [EMAIL PROTECTED] (04 Oct 2007)
> # Outdated (no releases since May 2006), buggy and possibly vulnerable
> # to security problems

Anything security-related you know of or just a wild guess?

Robert