FreeBSD Bugzilla – Attachment 91933 Details for Bug 129459
[patch] [vuxml] databases/php5-dba, databases/php4-dba: fix dba_replace() file truncation
vuln.xml (text/plain), 1.34 KB, created by Eygene Ryabinkin on 2008-12-06 12:50:00 UTC
<vuln vid="bfbed571-c390-11dd-b08d-001fc66e7203">
  <topic>PHP -- INI database truncation inside dba_replace() function</topic>
  <affects>
    <package>
      <name>php4-dba</name>
      <range><lt>4.4.9_1</lt></range>
    </package>
    <package>
      <name>php5-dba</name>
      <range><lt>5.2.6_1</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>A bug that leads to the emptying of the INI file contents if
        the database key was not found exists in PHP dba extension in
        versions 5.2.6, 4.4.9 and earlier.</p>
      <p>Maksymilian Arciemowicz from Security Reason reports:</p>
      <blockquote
        cite="http://www.securityfocus.com/archive/1/498746/30/0/threaded">
        <p>Function dba_replace() are not filtering strings key and
          value. There is a possibility for the destruction of the
          file.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://securityreason.com/achievement_securityalert/58</url>
    <url>http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1314</url>
    <url>http://www.securityfocus.com/archive/1/498746/30/0/threaded</url>
  </references>
  <dates>
    <discovery>28-11-2008</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>