FS#12383 - PHP 5.2.7 has a serious security flaw

Attached to Project: Arch Linux
Opened by Jozef Mares (kain) - Monday, 08 December 2008, 16:29 GMT
Last edited by Pierre Schmitz (Pierre) - Monday, 08 December 2008, 19:14 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Pierre Schmitz (Pierre)
Architecture All
Severity Critical
Priority Normal
Reported Version None
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


PHP 5.2.7 (which is in stable) has a serious security flaw. 5.2.7 was removed from the PHP distribution yesterday. php.net recommends downgrading to 5.2.6 or
Those who have already installed 5.2.7 can work around the MQ bug by setting "filter.default_flags=0" in php.ini.

Additional info:
* package version(s)
PHP 5.2.7

Original php.net info:

Steps to reproduce:
Sync repos via pacman -Syu

Closed by  Pierre Schmitz (Pierre)
Monday, 08 December 2008, 19:14 GMT
Reason for closing:  Not a bug
Additional comments about closing:  http://archlinux.org/pipermail/arch-general/2008-December/002932.html
Comment by A. K. (Misery) - Monday, 08 December 2008, 17:17 GMT
Comment by Jozef Mares (kain) - Monday, 08 December 2008, 17:30 GMT
I'm no pro in PHP, but this seems to fix only magic_quotes (which is relevant to the security problem). Or I just do not understand why php.net recommends staying on 5.2.6 and waiting for 5.2.8.
If you think it is fixed, let's close it.
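
The workaround quoted in the report (`filter.default_flags=0` in php.ini) can be checked per host. The script below is an added example, not part of the ticket or of Arch's packaging; the function names and verdict strings are hypothetical, and it assumes, following the php.net notice for 5.2.7, that the flaw matters only where magic_quotes_gpc is relied on.

```shell
#!/bin/sh
# Added example (not from the ticket): audit a php.ini for the 5.2.7 workaround.

# ini_get FILE KEY: print the last uncommented value of KEY (empty if unset).
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                  # whole-line comment
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)      # trailing comment
            eq = index(line, "=")
            if (eq == 0) next                # section headers, blank lines
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v            # a later assignment overrides
        }
        END { print val }
    ' "$1"
}

# audit_php527 VERSION INI_FILE: print one verdict word.
audit_php527() {
    version=$1; ini=$2
    [ "$version" = "5.2.7" ] || { echo "not-affected"; return 0; }
    flags=$(ini_get "$ini" filter.default_flags)
    mq=$(ini_get "$ini" magic_quotes_gpc | tr 'A-Z' 'a-z')
    # Assumption: unset magic_quotes_gpc counts as enabled (PHP 5.2 built-in default).
    case "${mq:-on}" in
        on|1|yes|true) ;;
        *) echo "magic-quotes-not-in-use"; return 0 ;;
    esac
    if [ "$flags" = "0" ]; then echo "workaround-applied"; else echo "needs-workaround"; fi
}

# Constructed sample php.ini: magic quotes on, workaround present but commented out.
sample=$(mktemp)
printf '%s\n' '[PHP]' 'magic_quotes_gpc = On' ';filter.default_flags=0' > "$sample"
audit_php527 5.2.7 "$sample"
# Same file after the workaround line is added with a trailing comment.
printf '%s\n' 'filter.default_flags = 0 ; workaround from the report' >> "$sample"
audit_php527 5.2.7 "$sample"
rm -f "$sample"
```

Pass the version reported by `php -v` and the path of the php.ini that PHP actually loads.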