[php-maint] PHP 5.2.5 is out.. Please update packages!

Marco Rodrigues gothicx at sapo.pt
Mon Nov 12 18:27:22 UTC 2007


PHP 5.2.5 Released

Security Enhancements and Fixes in PHP 5.2.5:

    * Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
    * Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported
      by Laurent Gaffie.
    * Fixed htmlentities/htmlspecialchars not to accept partial multibyte
      sequences. Reported by Rasmus Lerdorf.
    * Fixed possible triggering of buffer overflows inside glibc implementations
      of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
    * Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable
      in .htaccess due to the security implications. Reported by SecurityReason.
    * Fixed bug #42869 (automatic session id insertion adds sessions id to
      non-local forms).
    * Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be
      overwritten with ini_set()).

http://www.php.net/ChangeLog-5.php#5.2.5

Thanks!

-- 
Marco Rodrigues

http://Marco.Tondela.org


