Package: php4 Version: 6:4.4.4-8 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for php4.
CVE-2008-5624[0]: | PHP 5 before 5.2.7 does not properly initialize the page_uid and | page_gid global variables for use by the SAPI php_getuid function, | which allows context-dependent attackers to bypass safe_mode | restrictions via variable settings that are intended to be restricted | to root, as demonstrated by a setting of /etc for the error_log | variable. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5624 http://security-tracker.debian.org/tracker/CVE-2008-5624 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
