[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6
spinkham
steve.pinkham at gmail.com
Thu Jul 10 19:32:00 BST 2008
This has been addressed in Intrepid by updating to PHP 5 here: https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1
Minimal patch above in this post https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15
Re: test cases: I've not yet seen widely published exploit code, and I'm not about to change that.
Regression potential:
It is vaguely possible the escapeshellcmd() change could have unintended affects, but extremely unlikely due to the limited use case
of the function combined with necessity of using illegal characters in a multi-byte character set. The patches have also been widely tested at this point.
The rest are pure bug fixes with infinitesimally low chance of side effects.
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list