2007-05-06 22:07:37 by Adrian Portelli | Files touched by this commit (5) |
Log message:
Update 5.2.2
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function
(MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak
(MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request()
(by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
(by Ilia Alshanetsky)
|
2007-05-06 15:08:34 by Matthias Scheler | Files touched by this commit (5) |
Log message:
Add security fix for CVE-2007-1001 to "php4-gd" and "php5-gd" packages.
Bump package revision.
|
2007-05-05 23:45:12 by Adrian Portelli | Files touched by this commit (4) |
Log message:
Remove PEAR from the default PHP install
|
2007-04-29 14:30:18 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Remove first hunk which contains RCS Id only from patch-ab.
|
2007-04-29 00:05:51 by Stephen Borrill | Files touched by this commit (3) |
Log message:
Patch to fix PHP bug #40326 (cannot open file from cwd if parent folder not
readable).
Patch will be in 5.2.2, so this patch can be removed once it has been
released.
|
2007-04-08 12:49:21 by Geert Hendrickx | Files touched by this commit (1) |
Log message:
Fix reference to ap-php package, from PR#35927.
|
2007-02-25 21:05:11 by Jaromir Dolecek | Files touched by this commit (2) |
Log message:
put back openssl extension, mistakenly commented out in PHP 5.2.1 upgrade
noted by Manuel Bouyer
|
2007-02-22 20:30:06 by Thomas Klausner | Files touched by this commit (33) |
Log message:
pkglint USE_LANGUAGES cleanup. Patch from Sergey Svishchev.
|
2007-02-22 20:01:28 by Thomas Klausner | Files touched by this commit (134) |
Log message:
pkglint cleanup; update HOMEPAGE/MASTER_SITES.
|
2007-02-20 21:46:20 by Jaromir Dolecek | Files touched by this commit (7) |
Log message:
Update PHP5 to 5.2.1. Includes several important security fixes and
a large number of other fixes. Update for all users is strongly advised.
|