There doesn't seem to be a list or address to report things like this directly to Mandrake. I'm posting this here in the hopes that one of the Mandrake employees on the list will forward it to the appropriate people within the company.
http://security.e-matters.de/advisories/012002.html is the actual announcement of the problem. The version of PHP that I've last gotten from Mandrake is 4.0.6-5. The current release version is 4.1.2, and it's being recommended that sites using PHP upgrade to that version, which closes the exploit. There's a story about the problem at http://news.cnet.com/2100-1001-847092.html that discusses the problem a bit.

If one of the employees who are on this list would forward this information to the right people at Mandrake, it would be appreciated.

--Dave

--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key