[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers] PHP3 vulnerability
From: |
Loic Dachary |
Subject: |
Re: [Savannah-hackers] PHP3 vulnerability |
Date: |
Fri, 1 Mar 2002 12:29:06 +0100 |
Jaime E . Villate writes:
> On Thu, Feb 28, 2002 at 09:47:13AM +0100, Loic Dachary wrote:
> > Mark H. Weaver writes:
> > >
> > > PHP 3.10-3.18
> > >
> > > - broken boundary check (hard to exploit)
> > > - arbitrary heap overflow (easy exploitable)
> > >
> >
> > This is us. I'm running a dist-upgrade on savannah + apply the
> > fix + re-install from sources. Thanks a lot for the warning.
> Hi,
> If I understood the security advisory correctly, we were not in danger
> because
> we do not use web forms for file uploads. But it is good that you have
> upgraded to the new version anyway.
We do use upload for the patches section, unfortunately ;-)
--
Loic Dachary http://www.dachary.org/ address@hidden
12 bd Magenta http://www.senga.org/ address@hidden
75010 Paris T: 33 1 42 45 07 97 address@hidden
GPG Public Key: http://www.dachary.org/loic/gpg.txt