Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] [SECURITY] Bump php to 5.2.14
@ 2010-08-12 13:15 Gustavo Zacarias
  2010-08-13 10:40 ` Thomas Petazzoni
  0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2010-08-12 13:15 UTC (permalink / raw)
  To: buildroot


PHP 5.2.14 fixes various security vulnerabilities:

* Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs.
* Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
* Fixed a possible interruption array leak in strchr(), strstr(),
substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
* Fixed a possible memory corruption in substr_replace().
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed a possible stack exaustion inside fnmatch().
* Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288).
* Fixed handling of session variable serialization on certain prefix
characters.
* Fixed a possible arbitrary memory access inside sqlite extension.
Reported by Mateusz Kocielski.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: buildroot-php-5.2.14.patch
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20100812/acd71360/attachment.ksh>

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-08-13 10:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-12 13:15 [Buildroot] [PATCH] [SECURITY] Bump php to 5.2.14 Gustavo Zacarias
2010-08-13 10:40 ` Thomas Petazzoni

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox