~ubuntu-branches/ubuntu/hardy/php5/hardy-security

Viewing all changes in revision 35.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-01-06 09:39:23 UTC
  • Revision ID: james.westby@ubuntu.com-20100106093923-hh4lvsqmaezmzteb
Tags: 5.2.4-2ubuntu5.10
* SECURITY UPDATE: information disclosure and denial of service via
  zend_restore_ini_entry_cb function. 
  - debian/patches/CVE-2009-2626.patch: make sure new_value exists in
    main/main.c, gracefully handle failure in Zend/zend_ini.c.
  - CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
  filtering
  - debian/patches/CVE-2009-4142.patch: rewrite handling logic in
    ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
    test script.
  - CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
  handling
  - debian/patches/CVE-2009-4143.patch: protect from interrupt
    corruption in ext/session/session.c.
  - CVE-2009-4143
