[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

spinkham steve.pinkham at gmail.com
Thu Jul 10 19:32:00 BST 2008

This has been addressed in Intrepid by updating to PHP 5 here: https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1
Minimal patch above in this post https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15
Re: test cases: I've not yet seen widely published exploit code, and I'm not about to change that.
Regression potential:
  It is vaguely possible the escapeshellcmd() change could have unintended affects, but extremely unlikely due to the limited use case
    of the function combined with necessity of using illegal characters in a multi-byte character set.  The patches have also been widely tested at this point.
  The rest are pure bug fixes with infinitesimally low chance of side effects.

Please roll out security fixes from PHP 5.2.6
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed to Hardy Backports.

More information about the ubuntu-backports mailing list