Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2010-01-06 12:58:52 UTC
Revision ID: james.westby@ubuntu.com-20100106125852-bm3293pat2228fsm
Tags: 5.1.2-1ubuntu3.18
* SECURITY UPDATE: information disclosure and denial of service via
  zend_restore_ini_entry_cb function.
  - debian/patches/CVE-2009-2626.patch: gracefully handle failure in
    Zend/zend_ini.c.
  - CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
  filtering
  - debian/patches/CVE-2009-4142.patch: rewrite handling logic in
    ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
    test script.
  - CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
  handling
  - debian/patches/CVE-2009-4143.patch: protect from interrupt
    corruption in ext/session/session.c.
  - CVE-2009-4143