OSV:DSA-1578-1
May 17, 2008 - 12:00 a.m.

php4 - several vulnerabilities

Google
osv.dev

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.085 Low
Percentile: 93.5%

Several vulnerabilities have been discovered in PHP version 4, a
server-side, HTML-embedded scripting language. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2007-3799
    The session_start function allows remote attackers to insert
    arbitrary attributes into the session cookie via special characters
    in a cookie that is obtained from various parameters.
  • CVE-2007-3806
    A denial of service was possible through a malicious script abusing
    the glob() function.
  • CVE-2007-3998
    Certain maliciously constructed input to the wordwrap() function could
    lead to a denial of service attack.
  • CVE-2007-4657
    Large len values of the strspn() or strcspn() functions could allow an
    attacker to trigger integer overflows to expose memory or cause denial
    of service.
  • CVE-2008-2051
    The escapeshellcmd API function could be attacked via incomplete
    multibyte chars.

For the stable distribution (etch), these problems have been fixed in
version 6:4.4.4-8+etch6.

The php4 packages are no longer present in the unstable distribution (sid).

We recommend that you upgrade your php4 package.
