
ius-coredev team mailing list archive

[Bug 497826] [NEW] RFE: PHP 5.2.12 Source Update

 

Public bug reported:

PHP 5.2.12 Released!
[17-Dec-2009]

The PHP development team would like to announce the immediate
availability of PHP 5.2.12. This release focuses on improving the
stability of the PHP 5.2.x branch with over 60 bug fixes, some of which
are security related. All users of PHP 5.2 are encouraged to upgrade to
this release.

Security Enhancements and Fixes in PHP 5.2.12:

    * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
    * Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
    * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per request to 20 by default, to prevent possible DoS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
    * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
    * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Further details about the PHP 5.2.12 release can be found in the release
announcement, and the full list of changes is available in the
ChangeLog.

** Affects: ius
     Importance: Medium
     Assignee: BJ Dierkes (derks)
         Status: In Progress

** Affects: ius/php52
     Importance: Medium
     Assignee: BJ Dierkes (derks)
         Status: In Progress


** Tags: php52

** Changed in: ius
     Assignee: (unassigned) => BJ Dierkes (derks)

** Changed in: ius
    Milestone: None => php52-5.2.12-1

** Also affects: ius/php52
   Importance: Undecided
       Status: New

** Changed in: ius/php52
    Milestone: None => php52-5.2.12-1

** Changed in: ius/php52
   Importance: Undecided => Medium

** Changed in: ius/php52
       Status: New => In Progress

** Changed in: ius/php52
     Assignee: (unassigned) => BJ Dierkes (derks)

-- 
RFE: PHP 5.2.12 Source Update
https://bugs.launchpad.net/bugs/497826
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.

Status in IUS Community Project: In Progress
Status in IUS Community Project php52 series: In Progress





