- Committer: Package Import Robot
- Author(s): Steve Beattie
- Date: 2011-01-10 04:34:48 UTC
- Revision ID: package-import@ubuntu.com-20110110043448-88pgrkhkhyrn7b0c
- Tags: 5.1.2-1ubuntu3.20

* SECURITY UPDATE: overflow leading to xml decode bypass
  - ext/xml/xml.c: convert short to int to prevent overflow in
    bit operations
  - http://svn.php.net/viewvc/?view=revision&revision=287790
  - CVE-2009-5016
* SECURITY UPDATE: xml decode bypass
  - ext/xml/xml.c: improve utf8 decoding
  - ext/xml/tests/bug49687.phpt: add testcase
  - http://svn.php.net/viewvc/?view=revision&revision=304959
  - CVE-2010-3780
* SECURITY UPDATE: open_basedir bypass
  - main/fopen_wrappers.c: more strict checking in
    php_check_specific_open_basedir()
  - http://svn.php.net/viewvc?view=revision&revision=303824
  - CVE-2010-3436
* SECURITY UPDATE: infinite loop/denial of service when dealing with
  certain textual forms of MAX_FLOAT (LP: #697181)
  - Zend/zend_strtod.c: treat local doubles as volatile to avoid
    x87 registers in zend_strtod()
  - http://svn.php.net/viewvc?view=revision&revision=263637
  - http://svn.php.net/viewvc?view=revision&revision=307095
  - CVE-2010-4645