From owner-freebsd-security  Wed Feb 27 12:27:30 2002
Delivered-To: freebsd-security@freebsd.org
Received: from pi.yip.org (pi.yip.org [199.45.111.121])
	by hub.freebsd.org (Postfix) with ESMTP id B227837B41D
	for <freebsd-security@FreeBSD.ORG>; Wed, 27 Feb 2002 12:27:24 -0800 (PST)
Received: (from melange@localhost)
	by pi.yip.org (8.11.3/8.11.3) id g1RKRLP80588
	for freebsd-security@FreeBSD.ORG; Wed, 27 Feb 2002 15:27:21 -0500 (EST)
	(envelope-from melange@yip.org)
Date: Wed, 27 Feb 2002 15:27:20 -0500
From: Bob K <melange@yip.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: PHP 4.1.1 security bug
Message-ID: <20020227152720.G40253@yip.org>
References: <DBEMKGPNFGOGJHLMDNDJMEMGGCAA.mitayai@dreamlabs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <DBEMKGPNFGOGJHLMDNDJMEMGGCAA.mitayai@dreamlabs.com>; from mitayai@dreamlabs.com on Wed, Feb 27, 2002 at 01:11:23PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Feb 27, 2002 at 01:11:23PM -0500, Mit Rowe wrote:
> Ref:
> http://www.php.net
> http://security.e-matters.de/advisories/012002.html

The advisory mentions a workaround (Recommendation) for php4
(file_uploads in php.ini), but nothing for php3 - does anyone know if
there is something that can be done for that besides disabling it?
(until it's finished recompiling, I mean)

-- 
Bob <melange@yip.org> | There's more to life than e-mail, supposedly.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message