On 08.10.2007 at 10:05, Christian Hoffmann wrote:

> On 2007-10-08 at 05:37 +0200, Robert Buchholz wrote:
>
>> On Thursday, 4. October 2007, Christian Hoffmann wrote:
>>> # Christian Hoffmann <hoffie@g.o> (04 Oct 2007)
>>> # Outdated (no releases since May 2006), buggy and possibly vulnerable
>>> # to security problems
>>
>> Anything security-related you know of or just a wild guess?
> Not exactly a wild guess, I just didn't want to make a statement
> on whether these are security problems or not:
> * INFILE LOCAL option handling vs. open_basedir or safe_mode
> * A crash inside pdo_pgsql on some non-well-formed SQL queries
> (both from php-5.2.4 ChangeLog)

Since the second is only locally invoked* DoS and the first an
ever-beloved workaround for the basedir restriction, we don't
need to say goodbye with a maskglsa.

Thanks,
Robert

* unless someone allows remote users to submit SQL queries... :-)
--
gentoo-dev@g.o mailing list