[php-maint] Bug#382259: PHP 4.4.4 released
allard at byte.nl
Fri Aug 18 13:21:19 UTC 2006
retitle 382259 PHP 4.4.3 and 4.4.4 fix security bugs (CVE-2006-301, et al.)
Please upgrade Sid to 4.4.4.
>From the release announcement:
> PHP development team would like to announce the immediate availability
> of PHP 5.1.5 and PHP 4.4.4. The two releases address a series of
> security problems discovered since PHP 5.1.4 and 4.4.3, respectively.
> These include the following:
> - Added missing safe_mode/open_basedir checks inside the error_log(),
> file_exists(), imap_open() and imap_reopen() functions.
> - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
> - Fixed possible open_basedir/safe_mode bypass in cURL extension and on
> PHP 5.1.5 with realpath cache.
> - Fixed overflow in GD extension on invalid GIF images.
> - Fixed a buffer overflow inside sscanf() function.
> - Fixed an out of bounds read inside stripos() function.
> - Fixed memory_limit restriction on 64 bit system.
> [...] [We recommend] that all users upgrade to either one of the new
> releases as soon as possible.
More information about the pkg-php-maint