[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

spinkham steve.pinkham at gmail.com
Thu Jul 10 19:32:00 BST 2008


This has been addressed in Intrepid by updating to PHP 5 here: https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1
Minimal patch above in this post https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15
Re: test cases: I've not yet seen widely published exploit code, and I'm not about to change that.
Regression potential:
  It is vaguely possible the escapeshellcmd() change could have unintended affects, but extremely unlikely due to the limited use case
    of the function combined with necessity of using illegal characters in a multi-byte character set.  The patches have also been widely tested at this point.
  The rest are pure bug fixes with infinitesimally low chance of side effects.

-- 
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed to Hardy Backports.



More information about the ubuntu-backports mailing list