Package: php4 Version: N/A; reported 2005-04-23 Severity: grave Tags: security, woody, sarge Justification: user security hole
Both CVE hit PHP before 4.3.11 (so I assume stable is affected as well, please correct the tags if not and update http://www.debian.org/security/nonvulns-woody in this case). On http://lwn.net/Articles/132270/ is written: "Remote exploits are possible.". Maybe you can take the fix from Ubuntu: http://lwn.net/Alerts/132264/ -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686 Locale: LANG=en_US, LC_CTYPE=en_US -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
