[php-maint] Bug#605391: Patch for CVE-2010-3436 breaks open_basedir
Raoul Bhatia [IPAX]
r.bhatia at ipax.at
Tue Nov 30 10:27:51 UTC 2010
On 11/30/2010 11:11 AM, Raoul Bhatia [IPAX] wrote:
>> the patch which was added because of CVE-2010-3436 breaks configurations.
>> If you have set:
>>
>> open_basedir=/srv/www/
>>
>> it breaks. You must now set open_basedir=/srv/www without the ending /.
>
> i can confirm this.
>
> please fix asap for squeeze.
might
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=305507&r2=305698
be the fix for this issue?
thanks,
raoul
--
____________________________________________________________________
DI (FH) Raoul Bhatia M.Sc. email. r.bhatia at ipax.at
Technischer Leiter
IPAX - Aloy Bhatia Hava OG web. http://www.ipax.at
Barawitzkagasse 10/2/2/11 email. office at ipax.at
1190 Wien tel. +43 1 3670030
FN 277995t HG Wien fax. +43 1 3670030 15
____________________________________________________________________