| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Sep 2006 19:48:07 +0300 From: İsmail Dönmez <ismail@...dus.org.tr> To: cxib@...urityreason.com Cc: bugtraq@...urityfocus.com Subject: Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Hi, 9 Eylül 2006 Cumartesi 13:24 tarihinde, cxib@...urityreason.com şunları yazmıştı: > [PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()] > > > Author: Maksymilian Arciemowicz (cXIb8O3) > Date: > - Written: 05.09.2006 > - Public: 09.09.2006 > SecurityAlert Id: 42 > CVE: CVE-2006-4625 > SecurityRisk: High > Affected Software: PHP 5.1.6 / 4.4.4 < = x > Advisory URL: http://securityreason.com/achievement_securityalert/42 > Vendor: http://www.php.net [...] > --- 2. How to fix --- > fixed in CVS HEAD, PHP_5_2, PHP_5_1 and PHP_4_4. > > http://cvs.php.net/viewcvs.cgi/php-src/NEWS Can you please tell exact CVS revision in your advisories, PHP.net doesn't care about vulnerabilities and its very hard to find the correct revision for the fix. Regards, ismail -- アニメは本当にすごいすぎるよ !
Powered by blists - more mailing lists