interfasys
Verified User
Security Enhancements and Fixes in PHP 5.3.4:
Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support when the target is a DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
Added stat support for zip stream.
Added follow_location (enabled by default) option for the http stream support.
Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
Multiple improvements to the FPM SAPI.
Over 100 other bug fixes.
---------------
Security Enhancements and Fixes in PHP 5.2.15:
Fixed extract() to not overwrite $GLOBALS and $this when using EXTR_OVERWRITE.
Fixed crash in zip extract method (possible CWE-170).
Fixed a possible double free in imap extension.
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data).
Key enhancements in PHP 5.2.15 include:
Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object).
http://www.php.net/downloads.php
WARNING: PHP 5.2.15 is broken; you need to patch it with this:
http://bugs.php.net/patch-display.p...open_basedir-5.2.15-fix.patch&revision=latest
Hopefully custombuild will include it or a new version of PHP will be released in the coming days.