This has been addressed in Intrepid by updating to PHP 5 here: https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1
Minimal patch above in this post https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15
Re: test cases: I've not yet seen widely published exploit code, and I'm not about to change that.
Regression potential:
It is vaguely possible the escapeshellcmd() change could have unintended effects, but extremely unlikely due to the limited use case of the function combined with the necessity of using illegal characters in a multi-byte character set. The patches have also been widely tested at this point.
The rest are pure bug fixes with infinitesimally low chance of side effects.