FS#12383 - PHP 5.2.7 has a serious security flaw

Attached to Project: Arch Linux
Opened by Jozef Mares (kain) - Monday, 08 December 2008, 16:29 GMT
Last edited by Pierre Schmitz (Pierre) - Monday, 08 December 2008, 19:14 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Pierre Schmitz (Pierre)
Architecture All
Severity Critical
Priority Normal
Reported Version None
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
PHP 5.2.7 (which is in stable) has a serious security flaw. 5.2.7 was removed from php distribution yesterday. php.net recommends downgrade to 5.2.6 or
Citation:
For those who already have installed 5.2.7 can workaround the MQ bug by setting "filter.default_flags=0" in php.ini

Additional info:
* package version(s)
PHP 5.2.7

Original php.net info:
http://www.php.net/archive/2008.php#id2008-12-07-1

Steps to reproduce:
Sync repos via pacman -Syu

Closed by  Pierre Schmitz (Pierre)
Monday, 08 December 2008, 19:14 GMT
Reason for closing:  Not a bug
Additional comments about closing:  http://archlinux.org/pipermail/arch-general/2008-December/002932.html
Comment by A. K. (Misery) - Monday, 08 December 2008, 17:17 GMT

Comment by Jozef Mares (kain) - Monday, 08 December 2008, 17:30 GMT
I'm no pro in PHP, but this seems to fix only magic_quotes (which is relevant to the security problem). Or I just do not understand why php.net recommends staying on 5.2.6 and waiting for 5.2.8.
If you think it is fixed, let's close it.
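
A configuration check for the workaround quoted in the report, added here as an example; it is not code from the report, php.net or Arch Linux. It assumes the "MQ bug" is magic_quotes_gpc not being applied in 5.2.7 and that the directive counts as enabled when php.ini omits it; `parse_ini`, `check` and the sample php.ini fragments are constructed for illustration.

```python
import re

AFFECTED = "5.2.7"                    # release named in this report
TRUTHY = {"1", "on", "yes", "true"}   # php.ini boolean spellings for "enabled"

def parse_ini(text):
    """Map directive -> value for php.ini text; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment (quoted ';' not handled)
        if not line or line.startswith("[") or "=" not in line:
            continue                           # blank line, [section] header, or no assignment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def check(version, ini_text):
    """Return 'not-affected', 'mq-disabled', 'workaround-set' or 'exposed'."""
    found = re.search(r"\d+\.\d+\.\d+", version)
    if not found or found.group(0) != AFFECTED:
        return "not-affected"
    ini = parse_ini(ini_text)
    # Assumption: magic_quotes_gpc counts as enabled when php.ini does not set it.
    if ini.get("magic_quotes_gpc", "1").lower() not in TRUTHY:
        return "mq-disabled"       # application was not relying on magic quotes
    if ini.get("filter.default_flags") == "0":
        return "workaround-set"    # the setting quoted from php.net is in place
    return "exposed"               # 5.2.7, magic quotes expected, no workaround

# Constructed php.ini fragments, not taken from any real host.
INI_DEFAULT = "[PHP]\nmagic_quotes_gpc = On ; escape GET/POST/COOKIE\n"
INI_FIXED = INI_DEFAULT + '; workaround\nfilter.default_flags = "0"\n'
INI_COMMENTED = INI_DEFAULT + ";filter.default_flags=0\n"
INI_MQ_OFF = "magic_quotes_gpc = Off\n"

if __name__ == "__main__":
    for label, ver, ini in [
        ("5.2.6 stock", "PHP 5.2.6 (cli)", INI_DEFAULT),
        ("5.2.7 stock", "PHP 5.2.7 (cli)", INI_DEFAULT),
        ("5.2.7 commented-out fix", "5.2.7-1", INI_COMMENTED),
        ("5.2.7 with fix", "5.2.7-1", INI_FIXED),
        ("5.2.7 magic quotes off", "5.2.7", INI_MQ_OFF),
    ]:
        print(f"{label:28} {check(ver, ini)}")
```

The commented-out case matters in practice: a `;filter.default_flags=0` line looks like the workaround in a quick grep but leaves the host exposed.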
