Scripts using PHP 5.3 that accept multiple file uploads in a single request are potentially vulnerable to a directory traversal attack. References: http://support.novell.com/security/cve/CVE-2012-1172.html https://bugzilla.novell.com/show_bug.cgi?id=752030 PHP file to reproduce the issue should be here: http://svn.php.net/viewvc/php/php-src/trunk/tests/basic/bug55500.phpt?revision=321664&view=markup&pathrev=321664 Cauldron is also affected.
Created attachment 2086 [details] php-5.3.10-CVE-2012-1172.diff Upstream patch to fix the issue.
Blocks: (none) => 5046
Freeze push requested for Cauldron. For Mageia 1 I'll fold this into Bug 5063.
Version: 1 => Cauldron
Fixed in php-5.3.10-8.mga2
Status: NEW => RESOLVEDResolution: (none) => FIXED
Blocks: 5046 => (none)