~ubuntu-branches/ubuntu/dapper/php5/dapper-security

Viewing all changes in revision 25.

  • Committer: Package Import Robot
  • Author(s): Steve Beattie
  • Date: 2011-01-10 04:34:48 UTC
  • Revision ID: package-import@ubuntu.com-20110110043448-88pgrkhkhyrn7b0c
Tags: 5.1.2-1ubuntu3.20

* SECURITY UPDATE: overflow leading to xml decode bypass
  - ext/xml/xml.c: convert short to int to prevent overflow in
    bit operations
  - http://svn.php.net/viewvc/?view=revision&revision=287790
  - CVE-2009-5016
* SECURITY UPDATE: xml decode bypass
  - ext/xml/xml.c: improve utf8 decoding
  - ext/xml/tests/bug49687.phpt: add testcase
  - http://svn.php.net/viewvc/?view=revision&revision=304959
  - CVE-2010-3780
* SECURITY UPDATE: open_basedir bypass
  - main/fopen_wrappers.c: more strict checking in
    php_check_specific_open_basedir()
  - http://svn.php.net/viewvc?view=revision&revision=303824
  - CVE-2010-3436
* SECURITY UPDATE: infinite loop/denial of service when dealing with
  certain textual forms of MAX_FLOAT (LP: #697181)
  - Zend/zend_strtod.c: treat local doubles as volatile to avoid
    x87 registers in zend_strtod()
  - http://svn.php.net/viewvc?view=revision&revision=263637
  - http://svn.php.net/viewvc?view=revision&revision=307095
  - CVE-2010-4645
