[php-maint] PHP 5.2.5 is out.. Please update packages!

Marco Rodrigues gothicx at sapo.pt
Mon Nov 12 18:27:22 UTC 2007

PHP 5.2.5 Released

Security Enhancements and Fixes in PHP 5.2.5:

    * Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
    * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported
by Laurent Gaffie.
    * Fixed htmlentities/htmlspecialchars not to accept partial multibyte
sequences. Reported by Rasmus Lerdorf
    * Fixed possible triggering of buffer overflows inside glibc implementations
of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
    * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable
in .htaccess due to the security implications. Reported by SecurityReason.
    * Fixed bug #42869 (automatic session id insertion adds sessions id to
non-local forms).
    * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be
overwritten with ini_set()).



Marco Rodrigues


More information about the pkg-php-maint mailing list