This has been addressed in Intrepid by updating to PHP 5 here:
https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1

Minimal patch above in this post:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15

Re: test cases: I've not yet seen widely published exploit code, and I'm not about to change that.

Regression potential: It is vaguely possible the escapeshellcmd() change could have unintended effects, but extremely unlikely due to the limited use case of the function combined with the necessity of using illegal characters in a multi-byte character set. The patches have also been widely tested at this point. The rest are pure bug fixes with infinitesimally low chance of side effects.
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464