[php-maint] Bug#657698: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
Carlos Alberto Lopez Perez
clopez at igalia.com
Thu Feb 2 13:43:30 UTC 2012
On 02/02/12 14:31, Stefan Esser wrote:
> considering the fact that you write this email the very same day that a remote code execution vulnerability in PHP is found that is easy to exploit from remote and is greatly mitigated by the use of Suhosin you look pretty stupid. (In case of usage of Suhosin-Extension in default config, it is even completely killed).
>
> Just saying.
>
I think that you words are out of tone, there is not need to be unpolite
And where is such exploit??? I don't see any CVE
http://www.cvedetails.com/product/128/PHP-PHP.html?vendor_id=74
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carlos Alberto Lopez Perez http://neutrino.es
Igalia - Free Software Engineering http://www.igalia.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120202/f9264f6f/attachment-0001.pgp>
More information about the pkg-php-maint
mailing list