Comment 7 for bug 11223

In , Martin Schulze (joey-infodrom) wrote : Re: [PATCH,RFC] Backport of PHP 4.3.9 security fixes: pack()/unpack()

Hans Kratz wrote:
> Hi!
>
> I am not a Debian developer but we use Woody on our servers. The
> latest PHP security holes affect us as well. I have backported the
> security fix for the pack()/unpack() functions (attached).
>
> Attached patch is against PHP 4.1.2-7. PHP 4.1.2-7+patch builds fine
> in a Woody pbuilder and looks ok but I have not yet otherwise tested
> it.
>
> Comments? Should I try to backport the other security fixes as well?

If you discover real security issues, yes please, or at least get
in touch with us so we don't miss it accidentally.

You can only exploit the bug for which you provided a backport (didn't
the patch apply well?) if you write a malicious php script.
That's not an issue. You can do more with a malicious php script
with less effort.

Regards,

 Joey

--
All language designers are arrogant. Goes with the territory...
 -- Larry Wall