[Updated version: corrected URLs]

In versions of the PHP 3 packages before version 3.0.17, several format
string bugs could allow properly crafted requests to execute code as the
user running PHP scripts on the web server, particularly if error logging
was enabled.

This problem is fixed in versions 3.0.17-0potato2 and 3.0.17-0potato3 for
Debian 2.2 (potato) and in version 3.0.17-1 for Debian Unstable (woody).
This is a bug fix release and we recommend all users of php3 upgrade to it.

Debian GNU/Linux 2.1 alias slink

Slink contains php3 version 3.0.5, which is believed to be affected by
this problem. No security updates for slink are available at this time;
Slink users who have php3 installed are highly recommended to either
upgrade to potato or recompile the potato php3 packages from source
(see the URLs below).

Debian GNU/Linux 2.2 (stable) alias potato

Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0,
PowerPC and Sun SPARC architec...