Viewing all changes in revision 23.
- Committer: Bazaar Package Importer
- Date: 2010-01-06 12:58:52 UTC
- Revision ID: james.westby@ubuntu.com-20100106125852-bm3293pat2228fsm
* SECURITY UPDATE: information disclosure and denial of service via
zend_restore_ini_entry_cb function.
- debian/patches/CVE-2009-2626.patch: gracefully handle failure in
Zend/zend_ini.c.
- CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
filtering
- debian/patches/CVE-2009-4142.patch: rewrite handling logic in
ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
test script.
- CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
handling
- debian/patches/CVE-2009-4143.patch: protect from interrupt
corruption in ext/session/session.c.
- CVE-2009-4143
zend_restore_ini_entry_cb function.
- debian/patches/CVE-2009-2626.patch: gracefully handle failure in
Zend/zend_ini.c.
- CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
filtering
- debian/patches/CVE-2009-4142.patch: rewrite handling logic in
ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
test script.
- CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
handling
- debian/patches/CVE-2009-4143.patch: protect from interrupt
corruption in ext/session/session.c.
- CVE-2009-4143
- files added:
- debian/patches/CVE-2009-2626.patch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
