ius-coredev team mailing list archive
Message #00326
[Bug 609220] [NEW] PHP 5.2.14 Upstream Source Update
Public bug reported:
http://www.php.net/archive/2010.php#id2010-07-22-1
PHP 5.2.14 Released!
[22-Jul-2010]
The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related.
This release marks the end of the active support for PHP 5.2. Following
this release the PHP 5.2 series will receive no further active bug
maintenance. Security fixes for PHP 5.2 might be published on a case by
case basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
Security Enhancements and Fixes in PHP 5.2.14:
Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
Fixed a possible interruption array leak in strrchr() (CVE-2010-2484).
Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
Fixed a possible memory corruption in substr_replace().
Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
Fixed a possible stack exhaustion inside fnmatch().
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
Fixed handling of session variable serialization on certain prefix characters.
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
Key enhancements in PHP 5.2.14 include:
Upgraded bundled PCRE to version 8.02.
Updated timezone database to version 2010.5.
Fixed bug #52238 (Crash when an Exception occurred in iterator_to_array).
Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").
To prepare for upgrading to PHP 5.3, now that PHP 5.2's support has ended, a migration guide, available at http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.14 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.14.
** Affects: ius
Importance: Undecided
Status: New
--
PHP 5.2.14 Upstream Source Update
https://bugs.launchpad.net/bugs/609220
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
Status in IUS Community Project: New