Moritz Muehlenhoff wrote: > > * Fixed an issue with trailing slashes in allowed basedirs. They > were ignored by open_basedir checks, so that specified > basedirs were handled as prefixes and not as full directory > names. (there doesn't seem to be a CVE assignment yet)
This was assigned CAN-2005-3054, the patch was submitted upstream by me, and it's been fixed in Sid. The fix is committed to the sarge branch in SVN, but as we don't tend to consider open_basedir/safe_mode bypasses as critical security bugs, I'm rolling up all the current bugfixes and will be preparing an upload for all of them at once. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
