[wp-hackers] Fwd: Advisory 09/2006: PHP unserialize() ArrayCreation Integer Overflow

Aaron Brazell emmensetech at gmail.com
Mon Oct 9 16:01:58 GMT 2006

On 10/9/06, Dr Deviant <deviant at dr-deviant.net> wrote:
> no security update planned for a critical fix... not very important then?
> :)

Since WP relies on a minimum of 4.1.2 (I seem to recall this was the
version) then I'm not bringing it up as a "what do we do about PHP" area of
concern. We won't be relying on 5.2 for a long time, methinks.

However, maybe looking at why we serialize arrays and if there's another way
to skin the cat that circumvents the issue altogether.

I don't know how critical this really is. The bugtraq reporter calls it that
but I don't know that it's easily exploited, etc. Maybe a non-issue, but I
figured bringing it to the attention of the list might generate some
conversation on it.

Aaron Brazell
Author & Blogger, http://technosailor.com
Systems Admin, http://b5media.com
Technology Channel Editor, http://b5media.com

"The internet is a series of tubes." -Sen. Ted Stevens

More information about the wp-hackers mailing list