* [Buildroot] [Bug 1009] New: [SECURITY] Bump php to 5.2.12
@ 2010-01-29 13:08 bugzilla at busybox.net
2010-01-29 14:01 ` [Buildroot] [Bug 1009] " bugzilla at busybox.net
0 siblings, 1 reply; 2+ messages in thread
From: bugzilla at busybox.net @ 2010-01-29 13:08 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=1009
Host: i686-linux
Target: arm-softfloat-linux
Summary: [SECURITY] Bump php to 5.2.12
Product: buildroot
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Outdated package
AssignedTo: unassigned at buildroot.uclibc.org
ReportedBy: gustavo at zacarias.com.ar
CC: buildroot at uclibc.org
Estimated Hours: 0.0
Created an attachment (id=1009)
--> (https://bugs.busybox.net/attachment.cgi?id=1009)
Bump php to 5.2.12
PHP 5.2.12 fixes several security issues:
* Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
(CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the number
of file uploads per-request to 20 by default, to prevent possible DOS via
temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
"session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
* Fixed bug #49785 (insufficient input string validation of
htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Buildroot] [Bug 1009] [SECURITY] Bump php to 5.2.12
2010-01-29 13:08 [Buildroot] [Bug 1009] New: [SECURITY] Bump php to 5.2.12 bugzilla at busybox.net
@ 2010-01-29 14:01 ` bugzilla at busybox.net
0 siblings, 0 replies; 2+ messages in thread
From: bugzilla at busybox.net @ 2010-01-29 14:01 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=1009
Peter Korsgaard <jacmet@uclibc.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Peter Korsgaard <jacmet@uclibc.org> 2010-01-29 14:01:29 UTC ---
Committed, thanks
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-01-29 14:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-01-29 13:08 [Buildroot] [Bug 1009] New: [SECURITY] Bump php to 5.2.12 bugzilla at busybox.net
2010-01-29 14:01 ` [Buildroot] [Bug 1009] " bugzilla at busybox.net
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox