Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2009-04-15 14:21:45 UTC
Revision ID: james.westby@ubuntu.com-20090415142145-fr8925wsg61446td
Tags: 5.1.2-1ubuntu3.14

* SECURITY UPDATE: cross-site scripting vulnerability when display_errors
  is enabled.
  - debian/patches/227_SECURITY_CVE-2008-5814.patch: don't print back
    cookie names or values in ext/standard/head.c.
  - CVE-2008-5814
* SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
  other virtual hosts.
  - debian/patches/228_SECURITY_CVE-2009-0754.patch: don't terminate on
    the first function that is not overloaded in ext/mbstring/mbstring.c.
  - CVE-2009-0754