Bug#361853: phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2

Package: php4 Version: 4:4.3.10-16 Severity: grave for more informaton see: http://securityreason.com/achievement_securityalert/34 -- Oliver Paulus OpenPGP Key id: 28D9C44F Fingerprint: EADA 62FC 07DC 3361 A3D6 4174 2DE3 C027 28D9 C44F Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get

Bug#361856: copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2

Package: php4 Version: 4:4.3.10-16 Severity: grave for more informaton see: http://securityreason.com/achievement_securityalert/37 -- Oliver Paulus OpenPGP Key id: 28D9C44F Fingerprint: EADA 62FC 07DC 3361 A3D6 4174 2DE3 C027 28D9 C44F Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get

Bug#361855: tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2

Package: php4 Version: 4:4.3.10-16 Severity: grave for more informaton see: http://securityreason.com/achievement_securityalert/36 -- Oliver Paulus OpenPGP Key id: 28D9C44F Fingerprint: EADA 62FC 07DC 3361 A3D6 4174 2DE3 C027 28D9 C44F Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get

Bug#361854: function *() php/apache Crash PHP 4.4.2 and 5.1.2

Package: php4 Version: 4:4.3.10-16 Severity: grave for more informaton see: http://securityreason.com/achievement_securityalert/35 -- Oliver Paulus OpenPGP Key id: 28D9C44F Fingerprint: EADA 62FC 07DC 3361 A3D6 4174 2DE3 C027 28D9 C44F Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get

Bug#320014: ClamAV library heap overflows

ows that allow attackers to overwrite heap data to obtain complete control of the system." Original security advisory: http://www.rem0te.com/public/images/clamav.pdf ClamAV 0.86.2 release notes: http://sourceforge.net/project/shownotes.php?release_id=344514 Oliver Paulus