This bug has so far resulted in at least 4 exploited servers, though luckily so far apparently only by idiot script kiddies unable to get past the shell at www-data.
We have been using the mitigation of changing the permissions in the relevant place, but it would be nice not to have to do so. -- phpMyAdmin: CVE-2009-1151: Arbitrary code execution https://bugs.launchpad.net/bugs/387215 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs