*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: php5

The following patch causes problems in my installation with mediawiki:

  * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
    multibyte chars inside escapeshellcmd()

The standard workaround to this is to use something like
setlocale(LC_CTYPE,'en_US.UTF-8'). This appears to break the security of
escapeshellcmd(), back to how it was in PHP 5.2.5.

Also reported here:
https://bugzilla.wikimedia.org/show_bug.cgi?id=14944
http://bugs.php.net/bug.php?id=45132

See also:
http://news.php.net/php.internals/39747

** Affects: php5 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Description changed:

  Binary package hint: php5
  
  The following patch causes problems in my installation with mediawiki:
  
    * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
      multibyte chars inside escapeshellcmd()
  
- The standard workaround to this is to use something like 
setlocale(LC_CTYPE,'en_US.UTF-8'). This appears to break the security of
+ The standard workaround to this is to use something like
+ setlocale(LC_CTYPE,'en_US.UTF-8'). This appears to break the security of
  escapeshellcmd(), back to how it was in PHP 5.2.5.
  
  Also reported here:
  https://bugzilla.wikimedia.org/show_bug.cgi?id=14944
  http://bugs.php.net/bug.php?id=45132
  
  See also:
  http://news.php.net/php.internals/39747

-- 
escapeshellcmd() security fix generates problems with mediawiki and other 
web-apps
https://bugs.launchpad.net/bugs/256014
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
