Re: [Savannah-hackers] PHP3 vulnerability

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers] PHP3 vulnerability

From:	Jaime E . Villate
Subject:	Re: [Savannah-hackers] PHP3 vulnerability
Date:	Fri, 1 Mar 2002 10:53:01 +0000
User-agent:	Mutt/1.2.5i

On Thu, Feb 28, 2002 at 09:47:13AM +0100, Loic Dachary wrote:
> Mark H. Weaver writes:
>  >    
>  >    PHP 3.10-3.18
>  >    
>  >       - broken boundary check    (hard to exploit)
>  >       - arbitrary heap overflow  (easy exploitable)
>  >    
> 
>       This is us. I'm running a dist-upgrade on savannah + apply the
> fix + re-install from sources. Thanks a lot for the warning.
Hi,
If I understood the security advisory correctly, we were not in danger because
we do not use web forms for file uploads. But it is good that you have
upgraded to the new version anyway.

Cheers,
Jaime

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Savannah-hackers] PHP3 vulnerability, Jaime E . Villate <=
- Re: [Savannah-hackers] PHP3 vulnerability, Loic Dachary, 2002/03/01
- Re: [Savannah-hackers] PHP3 vulnerability, mathieu, 2002/03/01

Prev by Date: [Savannah-hackers] Cron <address@hidden> sf_www
Next by Date: [Savannah-hackers] savannah.gnu.org: submission of Moss Project
Previous by thread: [Savannah-hackers] Cron <address@hidden> sf_www
Next by thread: Re: [Savannah-hackers] PHP3 vulnerability
Index(es):
- Date
- Thread