Re: [Savannah-hackers] PHP3 vulnerability

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers] PHP3 vulnerability

From:	Loic Dachary
Subject:	Re: [Savannah-hackers] PHP3 vulnerability
Date:	Fri, 1 Mar 2002 12:29:06 +0100

Jaime E . Villate writes:
 > On Thu, Feb 28, 2002 at 09:47:13AM +0100, Loic Dachary wrote:
 > > Mark H. Weaver writes:
 > >  >    
 > >  >    PHP 3.10-3.18
 > >  >    
 > >  >       - broken boundary check    (hard to exploit)
 > >  >       - arbitrary heap overflow  (easy exploitable)
 > >  >    
 > > 
 > >    This is us. I'm running a dist-upgrade on savannah + apply the
 > > fix + re-install from sources. Thanks a lot for the warning.
 > Hi,
 > If I understood the security advisory correctly, we were not in danger 
 > because
 > we do not use web forms for file uploads. But it is good that you have
 > upgraded to the new version anyway.

        We do use upload for the patches section, unfortunately ;-)

-- 
Loic   Dachary         http://www.dachary.org/  address@hidden
12 bd  Magenta         http://www.senga.org/      address@hidden
75010    Paris         T: 33 1 42 45 07 97          address@hidden
        GPG Public Key: http://www.dachary.org/loic/gpg.txt

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Savannah-hackers] PHP3 vulnerability, Jaime E . Villate, 2002/03/01
- Re: [Savannah-hackers] PHP3 vulnerability, Loic Dachary <=
- Re: [Savannah-hackers] PHP3 vulnerability, mathieu, 2002/03/01

Prev by Date: [Savannah-hackers] savannah.gnu.org: submission of Moss Project
Next by Date: Re: [Savannah-hackers] Re: oSIP status (fwd)
Previous by thread: Re: [Savannah-hackers] PHP3 vulnerability
Next by thread: Re: [Savannah-hackers] PHP3 vulnerability
Index(es):
- Date
- Thread