php5 (5.3.3-1ubuntu9.3) maverick-security; urgency=low
* debian/patches/php5-CVE-2010-3436-regression.patch: update
main/fopen_wrappers.c to include fix for open_basedir restriction
regression (LP: #701896)
-- Steve BeattieWed, 12 Jan 2011 07:02:44 -0800
** CVE added: http://www.cv
OK, then this bug is fixed, on Ubuntu's side. Thank you!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open_basedir breaks by restricting paths to files that should be
The trailing slash issue was fixed with usn-1042-2
(http://www.ubuntu.com/usn/usn-1042-2); my apologies for messing up the
changelog bug reference.
Andrea, I've reproduced the behavior you're seeing on all Ubuntu
releases, as well as debian's 5.3.3-7 package in unstable. I've
discussed it briefly
Sorry for bumping so impolitely, but this is grave and still not
completely solved, at least in Hardy.
@James
Thanks for pointing this out. I am kind of surprised that it works without the
/etc/ path but i am fixing it now anyway.
@others
Can anyone at least confirm that this is *not* an issue a
Andrea: Yes, you are correct, that should work. I wasn't debating that.
If you installed phpmyadmin from the repositories, phpmyadmin calls php
files from /etc/phpmyadmin and /var/lib/phpmyadmin also, as well as
/usr/share/phpmyadmin. phpmyadmin will work without adding those 2
directories into ope
Uhm. The open_basedir has /var/lib/php which is a valid prefix for
/var/lib/phpmyadmin/, and it has always (for two years until wednesday
when this bug appeared) worked with this open_basedir string.
To further clarify:
[...]:/usr/share/phpmyadmin/:/var/lib/phpmyadmin/:[...] works
[...]:/usr/shar
Andrea: Yes, /var/www/phpmyadmin is a symlink to /usr/share/phpmyadmin,
but please note that you're missing 2 more crucial paths.
/etc/phpmyadmin/:/var/lib/phpmyadmin/ are also part of phpmyadmin and
require to be allowed in open_basedir. May not be related to your issue,
but it's the case nonethel
Oh, to also make a note, when I said earlier that I removed the slashes
and tested it out.. my entry was like /home/user/public_html/, and I
removed the slash at the end and it still worked. So when I said it
appears to work perfectly fine for me, my test wasn't exactly the same
as Andrea's and the
I removed the slashes and tested it out. It appears to work perfectly
fine for me like it should.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open_basedir breaks by re
I am not completely confident that the bug is indeed fixed.
The original problem is gone, but I think I see a similar issue in the
updated package. On my Hardy server, paths *without* a trailing slash
now seem to be blocked unexpectedly.
[Fri Jan 14 15:48:37 2011] [error] [client 193.205.80.47] P
Bug is fixed, however the bug ID in the changelog is wrong, so the
janitor didn't automatically close this bug report.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open
Can confirm the fix works on 10.04.1 LTS. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open_basedir breaks by restricting paths to files that should be
allowe
I got the update now on Hardy (13.01.2011 - 14:15 - Austria). The bug is
fixed, thanks for quick response!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open_basedir bre
Tested the updates on Ubuntu Server 10.04.1 LTS. The issue has been
fixed. Thanks for fixing the issue so quickly!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open_bas
Seems there is an update for maverick
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open_basedir breaks by restricting paths to files that should be
allowed; Unknown:
Same for Ubuntu Server 10.04 LTS.
Tested and worked.
Thx for the quick response.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/701765
Title:
open_basedir breaks by restricting paths
Just a note from Debian to Ubuntu maintainers: if you have tracked (and
helped) in Debian php packaging, you would be free of this shame, since
this bug was already fixed in 5.3.3-5 which was released on 30th
November 2010.
** Bug watch added: Debian Bug tracker #605391
http://bugs.debian.org/c
This looks to be the relevant upstream bug
http://bugs.php.net/bug.php?id=53352 and commit:
http://svn.php.net/viewvc?view=revision&revision=305698 that fixed it.
I'm building and testing packages with that commit applied to verify it
fixes the issue.
** Bug watch added: bugs.php.net/ #53352
ht
I stated in the bug description that I wasn't sure if this affected php
on mod_fcgi. I've tested this out now, and it also affects it as it does
on mod_php5.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.l
** Changed in: php5 (Ubuntu)
Status: New => Confirmed
** Changed in: php5 (Ubuntu)
Importance: Undecided => High
** Changed in: php5 (Ubuntu)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team, w
** Summary changed:
- open_basedir breaks by restricting paths to files that should be allowed when
you add a leading slash in configuration; Unknown: Failed opening required
'/usr/share/phpmyadmin/index.php' (include_path='.') in Unknown on line 0
+ open_basedir breaks by restricting paths to f
21 matches
Mail list logo