[php-maint] Bug#354666: CVE-2005-3388: XSS in PHPInfo

Geoff Crompton geoff.crompton at strategicdata.com.au
Tue Feb 28 00:16:21 UTC 2006


Package: php4
Version: 4:4.3.10-16
Severity: normal

A recent SecurityFocus newsletter updated this issue, which was announced back
in October. However, I couldn't find a Debian bug report specific to this, and
the changelog in sarge doesn't mention 2005-3388.

I saw it at:
http://www.securityfocus.com/bid/15248
Initial report is at: http://www.securityfocus.com/archive/1/415292.

Discovered by Stefan Esser. Apparently it was fixed in 4.4.1 and 5.1.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages php4 depends on:
ii  libapache-mod-php4           4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-common                  4:4.3.10-16 Common files for packages built fr

-- no debconf information



