~ubuntu-branches/ubuntu/karmic/php5/karmic-proposed

Viewing all changes in revision 43.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-03-30 19:20:34 UTC
  • Revision ID: james.westby@ubuntu.com-20090330192034-0fhmrevh08xkdtsg
Tags: 5.2.6.dfsg.1-3ubuntu4
* SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
  entry in a .htaccess file. 
  - debian/patches/CVE-2008-5625.patch: enforce restrictions when merging
    in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c.
  - CVE-2008-5625
* SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
  other virtual hosts.
  - debian/patches/CVE-2009-0754.patch: don't terminate on the first
    function that is not overloaded in ext/mbstring/mbstring.c.
  - CVE-2009-0754
