Re: Security problem in PHP3+Postgres with Potato?

Hi, In March the 25th, I wrote a line about a security problem with PHP3+postgres+apache shipped with Potato, due to character encoding. The security team judged it wasn't a security problem, so I suppose I can publish details about the problem. apache 1.3.9-14 php3 3.0.18-0p

Re: Security problem in PHP3+Postgres with Potato?

Hi, In March the 25th, I wrote a line about a security problem with PHP3+postgres+apache shipped with Potato, due to character encoding. The security team judged it wasn't a security problem, so I suppose I can publish details about the problem. apache 1.3.9-14 php3 3.0.18-0

Re: Security problem in PHP3+Postgres with Potato?

On Mon, Mar 25, 2002 at 04:54:37PM +0100, Beno?t Sibaud wrote: > I think I found a security problem in PHP3+postgres+apache shipped with > Potato. > > Correct me if I'm wrong, but the following code should support any $var. > If you uncomment the client_encoding line, I'm able to execute any > r

Re: Security problem in PHP3+Postgres with Potato?

On Mon, Mar 25, 2002 at 04:54:37PM +0100, Beno?t Sibaud wrote: > I think I found a security problem in PHP3+postgres+apache shipped with > Potato. > > Correct me if I'm wrong, but the following code should support any $var. > If you uncomment the client_encoding line, I'm able to execute any >

Re: Security problem in PHP3+Postgres with Potato?

> > What's the normal way to make a security bug report? > apt-get install bug The 'bug' package is for "normal" bugs. [EMAIL PROTECTED] seems to be the good place to report security problems. Sorry for my previous post. -- Benoît Sibaud R&D Engineer - France Telecom -- To UNSUBSCRIBE, email

RE: Security problem in PHP3+Postgres with Potato?

-Original Message- From: Benoît Sibaud [mailto:[EMAIL PROTECTED] Sent: Monday, March 25, 2002 4:55 PM To: debian-security@lists.debian.org Subject: Security problem in PHP3+Postgres with Potato? > What's the normal way to make a security bug report? apt-get install bug __

Re: Security problem in PHP3+Postgres with Potato?

> > What's the normal way to make a security bug report? > apt-get install bug The 'bug' package is for "normal" bugs. [EMAIL PROTECTED] seems to be the good place to report security problems. Sorry for my previous post. -- Benoît Sibaud R&D Engineer - France Telecom -- To UNSUBSCRIBE, email

RE: Security problem in PHP3+Postgres with Potato?

-Original Message- From: Benoît Sibaud [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 4:55 PM To: [EMAIL PROTECTED] Subject: Security problem in PHP3+Postgres with Potato? > What's the normal way to make a security bug report? apt-get install bug ___