Module Name:	pkgsrc
Committed By:	salo
Date:		Tue May 15 23:40:43 UTC 2007

Modified Files:
	pkgsrc/www/php4 [pkgsrc-2007Q1]: Makefile.common distinfo
Removed Files:
	pkgsrc/www/php4/patches [pkgsrc-2007Q1]: patch-ae

Log Message:
Pullup ticket 2084 - requested by adrianp
security update for php4

Updated via patch provided by the submitter.

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Sun May  6 19:50:18 UTC 2007

   Modified Files:
   	pkgsrc/www/php4: Makefile.common distinfo
   Removed Files:
   	pkgsrc/www/php4/patches: patch-ae

   Log Message:
   Update to 4.4.7
   * Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
   * Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
   * Fixed a bug in mb_parse_str() that can be used to activate register_globals
     (MOPB-26 by Stefan Esser)
   * Fixed unallocated memory access/double free in in array_user_key_compare()
     (MOPB-24 by Stefan Esser)
   * Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
   * Added missing open_basedir & safe_mode checks to zip:// and bzip://
   * wrappers.
     (MOPB-21 by Stefan Esser).
   * Limit nesting level of input variables with max_input_nesting_level as fix
   * for
     (MOPB-03 by Stefan Esser)
   * Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
   * Fixed a possible super-global overwrite inside import_request_variables().
     (by Stefano Di Paola, Stefan Esser)
   * Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
     library. (by Stanislav Malyshev)
   * XSS in phpinfo() (MOPB-8 by Stefan Esser)


To generate a diff of this commit:
cvs rdiff -r1.55 -r1.55.2.1 pkgsrc/www/php4/Makefile.common
cvs rdiff -r1.62.2.1 -r1.62.2.2 pkgsrc/www/php4/distinfo
cvs rdiff -r1.6.26.1 -r0 pkgsrc/www/php4/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.