[php-maint] [ilia at prohost.org: [PHP-DEV] PHP 5.2.7 Released]
seanius at debian.org
Fri Dec 5 07:56:24 UTC 2008
new version means more security vulnerabilities to process, yay :/
i'll spend some time on it this weekend.
at this point in the release cycle i don't think it's wise to upload
5.2.7 to unstable unless we're also planning on branching out for lenny
and sending a seperate package to t-p-u. what do you guys think?
----- Forwarded message from Ilia Alshanetsky <ilia at prohost.org> -----
From: Ilia Alshanetsky <ilia at prohost.org>
To: internals Mailing List <internals at lists.php.net>
Date: Thu, 4 Dec 2008 23:35:56 -0500
Subject: [PHP-DEV] PHP 5.2.7 Released
The PHP development team would like to announce the immediate availability
of PHP 5.2.7. This release focuses on improving the stability of the PHP
5.2.x branch with over 170 bug fixes, several of which are security
related. All users of PHP are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.7:
* Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
* Fixed missing initialization of BG(page_uid) and BG(page_gid), reported
by Maksymilian Arciemowicz.
* Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
* Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
* Fixed incorrect php_value order for Apache configuration, reported by
* Fixed safe_mode related security issues detailed in CVE-2008-2665 and
* Crash with URI/file..php (filename contains 2 dots) (Fixes
* IMAP toolkit crash: rfc822.c legacy routine buffer overflow. (Fixes
Some of the key enhancements in PHP 5.2.7 include:
* Fixed several memory leaks inside the readline and sqlite extensions
* A number of corrections relating to date parsing inside the date
* Fixed bugs relating to data retrieval in the PDO extension
* A series of crashes in various areas of code were resolved
* Several corrections were made to the strip_tags() function in terms of <
and <?XML handling
* A number of bugs were fixed in extract() function when EXTR_REFS flag is
* Added the ability to log PHP errors to the SAPI (Ex. Apache log)
* Over 170 bug fixes.
For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is
available here (http://www.php.net/migration52), detailing the changes
between those releases and PHP 5.2.7. For a full list of changes in PHP
5.2.7, see the ChangeLog (http://www.php.net/ChangeLog-5.php#5.2.7).
5.2 Release Master
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20081205/0cf13b23/attachment.pgp
More information about the pkg-php-maint