FreshPorts - VuXML

php development team reports:

Security Enhancements and Fixes in PHP 5.3.12:

• Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)

gt 5.4 lt 5.4.2

lt 5.3.12

lt 5.3.12

lt 4.4.10

lt 5.2.17_8

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.4:

• Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
• Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
• Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
• Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
• Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
• Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
• Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
• Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
• Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
• Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
• Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
• Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
• Improved fix for MOPB-03-2007.
• Corrected fix for CVE-2007-2872.

lt 5.2.4

lt 4.4.8

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.4:

• Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
• Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
• Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
• Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
• Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
• Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
• Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
• Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
• Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
• Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
• Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
• Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
• Improved fix for MOPB-03-2007.
• Corrected fix for CVE-2007-2872.

lt 5.2.4

lt 4.4.8

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

• Fixed CVE-2007-1001, GD wbmp used with invalid image size
• Fixed asciiz byte truncation inside mail()
• Fixed a bug in mb_parse_str() that can be used to activate register_globals
• Fixed unallocated memory access/double free in in array_user_key_compare()
• Fixed a double free inside session_regenerate_id()
• Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
• Limit nesting level of input variables with max_input_nesting_level as fix for.
• Fixed CRLF injection inside ftp_putcmd().
• Fixed a possible super-global overwrite inside import_request_variables().
• Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

• Fixed a header injection via Subject and To parameters to the mail() function
• Fixed wrong length calculation in unserialize S type.
• Fixed substr_compare and substr_count information leak.
• Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().
• Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

• XSS in phpinfo()

lt 5.2.2

lt 4.4.7

ge 0

php development team reports:

Security Enhancements and Fixes in PHP 5.3.12:

• Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)

gt 5.4 lt 5.4.2

lt 5.3.12

lt 5.3.12

lt 4.4.10

lt 5.2.17_8

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

• Fixed CVE-2007-1001, GD wbmp used with invalid image size
• Fixed asciiz byte truncation inside mail()
• Fixed a bug in mb_parse_str() that can be used to activate register_globals
• Fixed unallocated memory access/double free in in array_user_key_compare()
• Fixed a double free inside session_regenerate_id()
• Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
• Limit nesting level of input variables with max_input_nesting_level as fix for.
• Fixed CRLF injection inside ftp_putcmd().
• Fixed a possible super-global overwrite inside import_request_variables().
• Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

• Fixed a header injection via Subject and To parameters to the mail() function
• Fixed wrong length calculation in unserialize S type.
• Fixed substr_compare and substr_count information leak.
• Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().
• Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

• XSS in phpinfo()

lt 5.2.2

lt 4.4.7

ge 0