-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-03-30 19:20:34 UTC
-
Revision ID:
james.westby@ubuntu.com-20090330192034-0fhmrevh08xkdtsg
Tags: 5.2.6.dfsg.1-3ubuntu4
* SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
entry in a .htaccess file.
- debian/patches/CVE-2008-5625.patch: enforce restrictions when merging
in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c.
- CVE-2008-5625
* SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
other virtual hosts.
- debian/patches/CVE-2009-0754.patch: don't terminate on the first
function that is not overloaded in ext/mbstring/mbstring.c.
- CVE-2009-0754