[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6
steve.pinkham at gmail.com
Thu Jul 10 19:32:00 BST 2008
This has been addressed in Intrepid by updating to PHP 5 here: https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1
Minimal patch above in this post https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15
Re: test cases: I've not yet seen widely published exploit code, and I'm not about to change that.
It is vaguely possible the escapeshellcmd() change could have unintended affects, but extremely unlikely due to the limited use case
of the function combined with necessity of using illegal characters in a multi-byte character set. The patches have also been widely tested at this point.
The rest are pure bug fixes with infinitesimally low chance of side effects.
Please roll out security fixes from PHP 5.2.6
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed to Hardy Backports.
More information about the ubuntu-backports