Subject: CVS commit: [pkgsrc-2007Q1] pkgsrc/lang/php5
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 05/15/2007 23:42:40
Module Name: pkgsrc
Committed By: salo
Date: Tue May 15 23:42:40 UTC 2007
Modified Files:
pkgsrc/lang/php5 [pkgsrc-2007Q1]: Makefile Makefile.common PLIST
distinfo
Removed Files:
pkgsrc/lang/php5/patches [pkgsrc-2007Q1]: patch-ac
Log Message:
Pullup ticket 2085 - requested by adrianp
security update for php5
Updated via patch provided by the submitter.
Module Name: pkgsrc
Committed By: adrianp
Date: Sun May 6 20:07:37 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ac
Log Message:
Update 5.2.2
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip://
* wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix
* for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail()
* function
(MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan
* Esser)
* Fixed substr_compare and substr_count information leak
(MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside
* make_http_soap_request()
(by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
(by Ilia Alshanetsky)
To generate a diff of this commit:
cvs rdiff -r1.48 -r1.48.2.1 pkgsrc/lang/php5/Makefile
cvs rdiff -r1.24 -r1.24.2.1 pkgsrc/lang/php5/Makefile.common
cvs rdiff -r1.14 -r1.14.2.1 pkgsrc/lang/php5/PLIST
cvs rdiff -r1.36.2.1 -r1.36.2.2 pkgsrc/lang/php5/distinfo
cvs rdiff -r1.3.2.1 -r0 pkgsrc/lang/php5/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.