Ubuntu
php5 package

Bug #227464
Comment #8

Comment 8 for bug 227464

Revision history for this message

Dustin Kirkland  (kirkland) wrote on 2008-06-04: Re: PHP 5.2.6 fixes important security bugs

These are the security fixes as shown in the current changelog at:
http://www.php.net/ChangeLog-5.php

I chased down the CVS commit log messages against 5_2 for each of these.
Most of the fixes look relatively compact, with the exception of the
last, which is comparatively huge.

Version 5.2.6
01-May-2008
      * Security Fixes
              * Fixed possible stack buffer overflow in FastCGI SAPI.
                (Andrei Nigmatulin)
                      * http://marc.info/?l=php-cvs&m=120721829703242&w=2
              * Properly address incomplete multibyte chars inside
                escapeshellcmd() (Ilia, Stefan Esser)
                      * http://marc.info/?l=php-cvs&m=120579496007399&w=2
              * Fixed security issue detailed in CVE-2008-0599. (Rasmus)
                      * http://marc.info/?l=php-cvs&m=120415902925033&w=2
              * Fixed a safe_mode bypass in cURL identified by
                Maksymilian Arciemowicz. (Ilia)
                      * http://marc.info/?l=php-cvs&m=119963956428826&w=2
              * Upgraded PCRE to version 7.6 (Nuno)
                      * http://marc.info/?l=php-cvs&m=120163838831816&w=2
                      * Note, this is a very LARGE patch

:-Dustin

Ubuntuphp5 package

Comment 8 for bug 227464

Ubuntu
php5 package