Thijs Kinkhorst
2007-Jan-06 16:23 UTC
[Secure-testing-team] Re: Bug#404744: phpMyAdmin, HTTP response splitting and PHP version
close 404744 4:2.9.1.1-1 tags 404744 -moreinfo +sarge thanks Hi Marc, On Sat, 2007-01-06 at 09:26 -0500, Marc Delisle wrote:> Problem confirmed while testing on PHP 5.1.0. I''ll work on a patch this > week-end, it will be included in the soon to be released 2.9.2-rc1.Thanks for your research! I''ll make sure to update 2.9.2 in Debian when it''s released, but this is probably too late for Debian Etch though. In any case, given that the vulnerability does not work with 5.1.2+ and 4.4.2+, we can consider it closed for etch and unstable. I''m therefore closing this bug with the etch version. Testing security team, please update the tracker for this. I''ll await Marcs patch to see whether it''s relevant for stable. Thijs -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070106/866a23b8/attachment.pgp