Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#12383 - PHP 5.2.7 has a serious security flaw

Attached to Project: Arch Linux
Opened by Jozef Mares (kain) - Monday, 08 December 2008, 16:29 GMT
Last edited by Pierre Schmitz (Pierre) - Monday, 08 December 2008, 19:14 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Pierre Schmitz (Pierre)
Architecture All
Severity Critical
Priority Normal
Reported Version None
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
PHP 5.2.7 (which is in stable) has a serious security flaw. 5.2.7 was removed from php distribution yesterday. php.net recommends downgrade to 5.2.6 or
Citation:
For those who already have installed 5.2.7 can workaround the MQ bug by setting "filter.default_flags=0" in php.ini

Additional info:
* package version(s)
PHP 5.2.7

Original php.net info:
http://www.php.net/archive/2008.php#id2008-12-07-1

Steps to reproduce:
Sync repos via pacman -Syu
This task depends upon

Closed by  Pierre Schmitz (Pierre)
Monday, 08 December 2008, 19:14 GMT
Reason for closing:  Not a bug
Additional comments about closing:  http://archlinux.org/pipermail/arch-gene ral/2008-December/002932.html
Comment by A. K. (Misery) - Monday, 08 December 2008, 17:17 GMT Comment by Jozef Mares (kain) - Monday, 08 December 2008, 17:30 GMT
i'm no pro in php, but this seems to fix only magic_quotes (which is relevant to security problem). Or I just do not understand why php.net recommends stay on 5.2.6 and wait for 5.2.8.
If you think it is fixed lets close it.

Loading...