Arch Linux

FS#12383 - PHP 5.2.7 has a serious security flaw

Attached to Project: Arch Linux
Opened by Jozef Mares (kain) - Monday, 08 December 2008, 16:29 GMT
Last edited by Pierre Schmitz (Pierre) - Monday, 08 December 2008, 19:14 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Pierre Schmitz (Pierre)
Architecture: All
Severity: Critical
Priority: Normal
Reported Version: None
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No


PHP 5.2.7 (which is in stable) has a serious security flaw. 5.2.7 was removed from the PHP distribution yesterday. recommends downgrade to 5.2.6 or
Those who have already installed 5.2.7 can work around the MQ bug by setting "filter.default_flags=0" in php.ini

Additional info:
* package version(s)
PHP 5.2.7

Original info:

Steps to reproduce:
Sync repos via pacman -Syu

Closed by  Pierre Schmitz (Pierre)
Monday, 08 December 2008, 19:14 GMT
Reason for closing:  Not a bug
Additional comments about closing: ral/2008-December/002932.html
Comment by A. K. (Misery) - Monday, 08 December 2008, 17:17 GMT

Comment by Jozef Mares (kain) - Monday, 08 December 2008, 17:30 GMT
I'm no pro in PHP, but this seems to fix only magic_quotes (which is relevant to the security problem). Or I just do not understand why recommends stay on 5.2.6 and wait for 5.2.8.
If you think it is fixed, let's close it.