PHP: Multiple vulnerabilities - Severity: high

[XPerties]

http://forums.gentoo.org/viewtopic-t-460727.html

[jamesbond]

What really surprises me is that php 4.4.3 still hasn't been released after this, and other issues, were discovered a few weeks ago.

Maybe that's part of the php group's strategy: push everyone to php5 before they release php6

[ramprage]

Ummm yeah:

PHP copy() function: http://securitytracker.com/alerts/2006/Apr/1015882.html

PHP tempname() Arg: http://securitytracker.com/alerts/2006/Apr/1015881.html

PHP crashing Apache: http://securitytracker.com/alerts/2006/Apr/1015880.html

PHP phpinfo() validation:
http://securitytracker.com/alerts/2006/Apr/1015879.html


Check out http://www.hardened-php.net/php_442_...fixes.117.html

[cooldude7273]

cPanel doesn't find security problems very urgent normally.

[rpmws]

i just got a hold of Nick and he is on it for us

[cooldude7273]

Cool, but could you define "on it" a bit more.

[rpmws]

Cool, but could you define "on it" a bit more.

they know about the issue and should be working on a buildapache to offer the newer versions. Don't have a time frame ..just know they know about it and a security email went out earlier.

[MN-Robert]

Looks like buildapache has been updated.

[rpmws]

Looks like buildapache has been updated.

saying that they don't care about security might not be fair. You just need to give them a little time and make sure they are aware

[MN-Robert]

Just to be clear, I was not the one that said that

[rpmws]

Just to be clear, I was not the one that said that

I know I hit quote by mistake

[rpmws]

as of 10PM EST it's not quite ready yet. .....

[Infopro]

Thanks rpmws. Keep an 'eye' on it for us won't you? (looking at your av)

[rpmws]

Thanks rpmws. Keep an 'eye' on it for us won't you? (looking at your av)

Just spoke with nick again and he said they are working on it will do their best to get an updated version out by Monday at the latest.

[elitewebninja]

Any update on this?