There appears to have been some ambiguity with the vulnerability announcements, with some sites saying PHP 5.1.2 and prior PHP 4.4.2 and prior (http://securityreason.com/achievement_securityalert/34) and others just saying PHP 5.1.2 and 4.4.2 http://www.securityfocus.com/archive/1/archive/1/430449/100/0/threaded
However, in php_print_gpcse_array() in ext/standard/info.c in the debian sarge package there is no reference to the 4096 byte buffer which seemed to be the cause of the problem. David. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
