Viewing all changes in revision 20.
- Committer: Bazaar Package Importer
- Date: 2009-04-15 14:21:45 UTC
- Revision ID: james.westby@ubuntu.com-20090415142145-fr8925wsg61446td
* SECURITY UPDATE: cross-site scripting vulnerability when display_errors
is enabled.
- debian/patches/227_SECURITY_CVE-2008-5814.patch: don't print back
cookie names or values in ext/standard/head.c.
- CVE-2008-5814
* SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
other virtual hosts.
- debian/patches/228_SECURITY_CVE-2009-0754.patch: don't terminate on
the first function that is not overloaded in ext/mbstring/mbstring.c.
- CVE-2009-0754
is enabled.
- debian/patches/227_SECURITY_CVE-2008-5814.patch: don't print back
cookie names or values in ext/standard/head.c.
- CVE-2008-5814
* SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
other virtual hosts.
- debian/patches/228_SECURITY_CVE-2009-0754.patch: don't terminate on
the first function that is not overloaded in ext/mbstring/mbstring.c.
- CVE-2009-0754
- files added:
- debian/patches/227_SECURITY_CVE-2008-5814.patch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
