Ubuntu Security Notice USN-207-1 - A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash ('/'). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to '/home/user1/'.
c852c01ceef1f4598383b83e3061e4f73f06ed53f1c9dbf279fb79d5d0054245