Comment 2 for bug 11223

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 15 Dec 2004 23:13:20 +0100
From: Florian Weimer <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: php4: 4.3.10 fixes important security holes

Package: php4
Version: 4:4.3.9-2
Severity: grave
Tags: security upstream
Justification: user security hole

PHP 4.3.10 fixes several security bugs. The relevant part of the
release announcement follows.

stable might be affected, too. Let's hope vendor-sec has already sorted
this one out. 8-)

From: Ilia Alshanetsky <email address hidden>
Subject: [ANNOUNCE] PHP 4.3.10 & 5.0.3 Released!
To: <email address hidden>
Date: Wed, 15 Dec 2004 16:00:42 -0500
Message-ID: <email address hidden>
Enyo-Status: asn=7859

The PHP Development Team would like to announce the immediate release of PHP
4.3.10 and 5.0.3. These are maintenance releases that in addition to
non-critical bug fixes address several very serious security issues.

These include the following:

CAN-2004-1018 - shmop_write() out of bounds memory write access.
CAN-2004-1018 - integer overflow/underflow in pack() and unpack() functions.
CAN-2004-1019 - possible information disclosure, double free and
negative reference index array underflow in deserialization code.
CAN-2004-1020 - addslashes not escaping \0 correctly.
CAN-2004-1063 - safe_mode execution directory bypass.
CAN-2004-1064 - arbitrary file access through path truncation.
CAN-2004-1065 - exif_read_data() overflow on long sectionname.
magic_quotes_gpc could lead to one level directory traversal with file
uploads.

All users of PHP are strongly encouraged to upgrade to this release as
soon as possible.

[...]
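The announcement names two fixed releases, one per branch (4.3.10 for 4.x and 5.0.3 for 5.x), and the bug report itself gives the installed package as a Debian version string with an epoch (4:4.3.9-2). Deciding whether a given host is still on an affected version therefore means stripping the epoch and Debian revision and comparing the upstream part against the right branch's fixed release. The following is an added example (not code from the bug report, from PHP or from Debian) that does that check over `dpkg -l`-style output; the sample `dpkg -l` lines are constructed for the example, and the `ii`/package/version column layout is assumed to match `dpkg -l`.

```python
import re

# Fixed upstream releases named in the announcement:
# 4.3.10 for the 4.x branch and 5.0.3 for the 5.x branch.
FIXED = {4: (4, 3, 10), 5: (5, 0, 3)}

# Matches plain upstream versions ("4.3.9") and Debian package versions with
# an optional epoch and revision ("4:4.3.9-2", "4.3.10+dfsg-1").
_VERSION_RE = re.compile(
    r"^(?:(?P<epoch>\d+):)?(?P<upstream>\d+(?:\.\d+)*)(?:[-~+].*)?$"
)


def parse_version(s):
    """Return the upstream part of a PHP version string as a tuple of ints.

    The Debian epoch and revision are dropped on purpose: they say nothing
    about which upstream release the package is based on.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(p) for p in m.group("upstream").split("."))


def is_fixed(s):
    """True if the version is at or past the fixed release of its branch."""
    v = parse_version(s)
    major = v[0]
    if major < 4:
        # Branches older than 4.x are not mentioned in the announcement;
        # treat them as not carrying the fix.
        return False
    if major > 5:
        # Later major versions postdate these releases.
        return True
    # Pad to three components so a bare "5.0" compares as 5.0.0.
    v3 = (v + (0, 0, 0))[:3]
    return v3 >= FIXED[major]


def affected_packages(dpkg_output):
    """Scan `dpkg -l` output for installed php* packages whose upstream
    version is below the fixed release; returns (package, version) pairs."""
    hits = []
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "ii" and parts[1].startswith("php"):
            pkg, ver = parts[1], parts[2]
            if not is_fixed(ver):
                hits.append((pkg, ver))
    return hits


# Constructed sample of `dpkg -l` output (not real output from any host).
SAMPLE_DPKG = """\
ii  php4              4:4.3.9-2        server-side, HTML-embedded scripting language
ii  php4-cli          4:4.3.9-2        command-line interpreter for the php4 scripting language
ii  php4-pear         4:4.3.10-1       PEAR - PHP Extension and Application Repository
ii  php5              5.0.3-1          server-side, HTML-embedded scripting language
"""

if __name__ == "__main__":
    for pkg, ver in affected_packages(SAMPLE_DPKG):
        print(f"{pkg} {ver}: upstream version predates the fixed release")
```

The caveat for distribution packages: Debian (and other vendors) routinely backport security fixes without changing the upstream version, so a package such as stable's php4 may already carry these fixes while still reporting a pre-4.3.10 version. A check like this flags candidates for investigation; the vendor's security advisory and changelog are what confirm whether a given package revision is actually fixed.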