* [Buildroot] [PATCH] [SECURITY] Bump php to 5.2.14
@ 2010-08-12 13:15 Gustavo Zacarias
2010-08-13 10:40 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2010-08-12 13:15 UTC (permalink / raw)
To: buildroot
PHP 5.2.14 fixes various security vulnerabilities:
* Rewrote var_export() to use smart_str rather than output buffering,
  prevents data disclosure if a fatal error occurs.
* Fixed a possible interruption array leak in strrchr() (CVE-2010-2484).
* Fixed a possible interruption array leak in strchr(), strstr(),
  substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
* Fixed a possible memory corruption in substr_replace().
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed a possible stack exhaustion inside fnmatch().
* Fixed a NULL pointer dereference when processing invalid XML-RPC
  requests (Fixes CVE-2010-0397, bug #51288).
* Fixed handling of session variable serialization on certain prefix
  characters.
* Fixed a possible arbitrary memory access inside sqlite extension.
  Reported by Mateusz Kocielski.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: buildroot-php-5.2.14.patch
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20100812/acd71360/attachment.ksh>
* [Buildroot] [PATCH] [SECURITY] Bump php to 5.2.14
From: Thomas Petazzoni @ 2010-08-13 10:40 UTC (permalink / raw)
To: buildroot
Hello,
On Thu, 12 Aug 2010 10:15:37 -0300
Gustavo Zacarias <gustavo@zacarias.com.ar> wrote:
> * Rewrote var_export() to use smart_str rather than output buffering,
> prevents data disclosure if a fatal error occurs.
> * Fixed a possible interruption array leak in
> strrchr().(CVE-2010-2484)
> * Fixed a possible interruption array leak in strchr(), strstr(),
> substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),
> trim().
> * Fixed a possible memory corruption in substr_replace().
> * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
> * Fixed a possible stack exhaustion inside fnmatch().
> * Fixed a NULL pointer dereference when processing invalid XML-RPC
> requests (Fixes CVE-2010-0397, bug #51288).
> * Fixed handling of session variable serialization on certain prefix
> characters.
> * Fixed a possible arbitrary memory access inside sqlite extension.
> Reported by Mateusz Kocielski.
Thanks, applied to for-2008.11.
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com