Package: libapache2-mod-php4 Version: 4:4.3.10-2pitti1 Severity: important Tags: security patch
Hi! I fixed a pretty old vulnerability in PHP4's cURL module, see http://www.securitytracker.com/alerts/2004/Oct/1011984.html for details. The Ubuntu patch is at http://patches.ubuntu.com/patches/php4.curl-open_basedir.diff The current upstream CVS HEAD is still not fixed, could you please pass this to upstream? I do not consider this issue overly critical, but it would be nice to eventually fix this. Thanks for considering and have a nice day, Martin -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.9 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages libapache2-mod-php4 depends on: ii apache2-mpm-prefork 2.0.52-3 Traditional model for Apache2 ii libbz2-1.0 1.0.2-1 A high-quality block-sorting file ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [ ii libexpat1 1.95.8-1 XML parsing C library - runtime li ii libmagic1 4.12-1 File type determination library us ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi ii libssl0.9.7 0.9.7e-2 SSL shared libraries ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap ii php4-common 4:4.3.10-2pitti1 Common files for packages built fr ii zlib1g 1:1.2.2-3 compression library - runtime -- no debconf information -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org
signature.asc
Description: Digital signature
