| 1 |
Am 08.10.2007 um 10:05 schrieb Christian Hoffmann: |
| 2 |
|
| 3 |
> On 2007-10-08 at 05:37 +0200, Robert Buchholz wrote: |
| 4 |
> |
| 5 |
>> On Thursday, 4. October 2007, Christian Hoffmann wrote: |
| 6 |
>>> # Christian Hoffmann <hoffie@g.o> (04 Oct 2007) |
| 7 |
>>> # Outdated (no releases since May 2006), buggy and possibly |
| 8 |
>>> vulnerable |
| 9 |
>>> # to security problems |
| 10 |
>> |
| 11 |
>> Anything security-related you know of or just a wild guess? |
| 12 |
> Not exactly a wild guess, I just didn't want to make a statement |
| 13 |
> on whether these are security problems or not: |
| 14 |
> * INFILE LOCAL option handling vs. open_basedir or safe_mode |
| 15 |
> * A crash inside pdo_pgsql on some non-well-formed SQL queries |
| 16 |
> (both from php-5.2.4 ChangeLog) |
| 17 |
|
| 18 |
Since the second is only locally invoked* DoS and the first an |
| 19 |
ever-beloved workaround for the basedir restriction, we don't |
| 20 |
need to say goodbye with a maskglsa. |
| 21 |
|
| 22 |
Thanks, |
| 23 |
Robert |
| 24 |
|
| 25 |
* unless someone allows remote users to submit SQL queries... :-) |
| 26 |
-- |
| 27 |
gentoo-dev@g.o mailing list |
Archives