DescriptionPHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4sourceetch(not affected)
php5source(unstable)(not affected)


- php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
[etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)

Search for package or bug name: Reporting problems