Re: presumptive php sec holes

[yersinia <yersinia.spiros () gmail com>]

On Mon, Oct 12, 2009 at 6:22 PM, Josh Bressers <bressers () redhat com> wrote:
> ----- "Oden Eriksson" <oeriksson () mandriva com> wrote:
>
> > Hello.
> >
> > Attached are some php patches that to me looks security related
> > (unknown
> > impact). I hope someone with insight can classify and possible assign
> > CVE
> > numbers. The patches were taken from their svn repo, so it's
> > "official".
>
> Did you contact PHP upstream about these? They're usually quite on the ball
> with understanding security flaws, so they are likely the best group to help
> you determine what the impact of these are.

These have probably  some refs

http://bugs.php.net/search.php?search_for=&boolean=1&limit=10&order_by=&direction=ASC&cmd=display&status=All&bug_type[]=Safe+Mode%2Fopen_basedir&php_os=&phpver=5.3&assign=&author_email=&bug_age=0

> --
>    JB