Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2010-01-05 13:14:59 UTC
Revision ID: james.westby@ubuntu.com-20100105131459-3ucxvz2fbbztqasm
Tags: 5.2.10.dfsg.1-2ubuntu6.4

* SECURITY UPDATE: information disclosure and denial of service via
  zend_restore_ini_entry_cb function.
  - debian/patches/CVE-2009-2626.patch: make sure new_value exists in
    main/main.c, gracefully handle failure in Zend/zend_ini.c.
  - CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
  filtering
  - debian/patches/CVE-2009-4142.patch: rewrite handling logic in
    ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
    test script, fix ext/standard/tests/strings/htmlentities-utf.phpt
    test script.
  - CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
  handling
  - debian/patches/CVE-2009-4143.patch: protect from interrupt
    corruption in ext/session/session.c.
  - CVE-2009-4143