On Don, 07 Feb 2002, Dmitry N. Hramtsov wrote:
> As I can see this bug already fixed (Status: Closed) in PHP:
> http://bugs.php.net/bug.php?id=15375,
> so we should just wait for updated package from maintainer.
Maybe its a good idea to read the bug and why it is closed:
--8<--
[5 Feb 9:53am] [EMAIL PROTECTED]
Verified that the exploit allows any file readable by the
MySQL server to be viewed via this technique. Note that
forbidding the MySQL user CREATE permission does make the
exploit less convenient for the attacker.
The MySQL dev team is looking at ways to reduce this risk
via MySQL permission behavior in the server.
Given Rasmus' feedback on the issue, I am closing this as
a PHP bug. Hopefully, the MySQL dev team should be able
eliminate or reduce this risk. If we can't completely
resolve it, I will re-examine this bug.
--zak@[mysql|php].com
--8<--
--
Nočl Köthe
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
