[php-maint] Bug#605391: Patch for CVE-2010-3436 breaks open_basedir

Raoul Bhatia [IPAX] r.bhatia at ipax.at
Tue Nov 30 10:27:51 UTC 2010


On 11/30/2010 11:11 AM, Raoul Bhatia [IPAX] wrote:
>> the patch which was added because of CVE-2010-3436 breaks configurations.
>> If you have set:
>>
>> open_basedir=/srv/www/
>>  
>> it breaks. You must now set open_basedir=/srv/www without the ending /.
> 
> i can confirm this.
> 
> please fix asap for squeeze.

might

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=305507&r2=305698

be the fix for this issue?

thanks,
raoul
-- 
____________________________________________________________________
DI (FH) Raoul Bhatia M.Sc.          email.          r.bhatia at ipax.at
Technischer Leiter

IPAX - Aloy Bhatia Hava OG          web.          http://www.ipax.at
Barawitzkagasse 10/2/2/11           email.            office at ipax.at
1190 Wien                           tel.               +43 1 3670030
FN 277995t HG Wien                  fax.            +43 1 3670030 15
____________________________________________________________________




