<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">ше вщуы<br>
On 09/30/2013 05:02 PM, Erwin Rennert wrote:<br>
</div>
<blockquote cite="mid:5249848F.1030208@zsi.at" type="cite">Please
don't jump to conclusions.
<br>
It might very well be that centos patched the "old" PHP version a
long time ago. I doubt the owncloud installation routine actually
checks for the vulnerability.</blockquote>
<br>
Nevertheless it does<br>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<a
href="https://github.com/owncloud/core/blob/stable5/core/setup.php#L22">https://github.com/owncloud/core/blob/stable5/core/setup.php#L22</a><br>
<br>
Victor<br>
<br>
<blockquote cite="mid:5249848F.1030208@zsi.at" type="cite"> It
probably only checks for the PHP version number and certainly has
no knowledge of any given distribution's patch history.
<br>
<br>
BTW, CVE-2006-7243 is from 2006, not 2010.
<br>
<br>
Kind regards,
<br>
E.R.
<br>
<br>
<br>
On 09/30/2013 03:25 PM, Adrian Sevcenco wrote:
<br>
<blockquote type="cite">Hi! i just installed the owncloud on an
updated centos 6.4 and i have
<br>
this warning:
<br>
"Your PHP version is vulnerable to the NULL Byte attack
(CVE-2006-7243)
<br>
Please update your PHP installation to use ownCloud securely."
<br>
<br>
given that the bug is from 2010 and i have an updated system, is
the
<br>
warning valid?
<br>
<br>
Thanks!
<br>
Adrian
<br>
<br>
<br>
<br>
_______________________________________________
<br>
Owncloud mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Owncloud@kde.org">Owncloud@kde.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://mail.kde.org/mailman/listinfo/owncloud">https://mail.kde.org/mailman/listinfo/owncloud</a>
<br>
<br>
<br>
!DSPAM:52497c0f128225655088695!
<br>
<br>
</blockquote>
<br>
<br>
</blockquote>
<br>
</body>
</html>