On Wed, Dec 29, 2004 at 12:51:15PM -0800, Avleen Vig wrote: > > Julian Elischer <julian@elischer.org> writes: > > > might be a good idea if we "urged" users to update their phpbb a bit > > > more vocally. > > I was under the impression, that upgrading to PHP 4.3.10 would also fix > this, or was that a different issue? There have been multiple issues being attacked: 4.3.10 fixes a problem where you could exploit code which accepted serialized data structures directly from clients; most of the prolems were caused, however, by a bug in phpBB which had nothing to do with this. In either case the problem has very little to do with PHP - it's yet another case of programmers not sanitizing input from untrusted sources. Chris _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"