Your message dated Mon, 18 May 2009 21:59:06 +0200
with message-id <[email protected]>
and subject line housecleaning
has caused the Debian Bug report #391281,
regarding CVE-2006-4625: PHP Ini_Restore() Safe_Mode and Open_Basedir
Restriction Bypass Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
391281: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391281
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache2-mod-php5
Version: 5.1.6-2
Severity: important
Tags: security
This is still unfixed:
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass
certain Apache HTTP Server httpd.conf options, such as safe_mode and
open_basedir, via the ini_restore function, which resets the values to
their php.ini (Master Value) defaults.
--- End Message ---
--- Begin Message ---
Version: 5.2.0-1
this one was fixed a while ago :)
--
signature.asc
Description: Digital signature
--- End Message ---
