[php-maint] Bug#361853: not fixed in etch
Thijs Kinkhorst
thijs at debian.org
Tue Aug 15 09:14:37 UTC 2006
Hello Stefan,
> according to secunia [1], this has been fixed in 4.4.3, not in 4.4.2
>
> [1] http://secunia.com/advisories/19599
I've verified that the bug is indeed marked as fixed in the 4.4.3
changelog of PHP.
However, phpinfo() is a debug tool. I don't know why you would want to
use it on a production system and inside a context where cookies contain
security relevant information at the same time. If you ask me, this is
'important' at most. Secunia labels it as "not critical".
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20060815/3e80af04/attachment.pgp
More information about the pkg-php-maint
mailing list