| Ilia Alshanetsky 2007-08-31, 8:26 am |
| iliaa Fri Aug 31 12:37:21 2007 UTC
Modified files:
/phpweb/archive 2007.xml
/phpweb/releases 5_2_4.php
Log:
Fixed security issue discovery attribution
http://cvs.php.net/viewvc.cgi/phpwe...5&diff_format=u
Index: phpweb/archive/2007.xml
diff -u phpweb/archive/2007.xml:1.14 phpweb/archive/2007.xml:1.15
--- phpweb/archive/2007.xml:1.14 Fri Aug 31 01:33:37 2007
+++ phpweb/archive/2007.xml Fri Aug 31 12:37:21 2007
@@ -44,10 +44,10 @@
<li>Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)</li>
<li>Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)</li>
<li>Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)</li>
- <li>Fixed integer overflow in str[c]spn(). (Reported by Stanislav Malyshev)</li>
+ <li>Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)</li>
<li>Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)</li>
<li>Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)</li>
- <li>Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Stanislav Malyshev)</li>
+ <li>Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)</li>
<li>Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)</li>
<li>Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)</li>
<li>Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)</li>
http://cvs.php.net/viewvc.cgi/phpwe...2&diff_format=u
Index: phpweb/releases/5_2_4.php
diff -u phpweb/releases/5_2_4.php:1.1 phpweb/releases/5_2_4.php:1.2
--- phpweb/releases/5_2_4.php:1.1 Thu Aug 30 23:36:27 2007
+++ phpweb/releases/5_2_4.php Fri Aug 31 12:37:21 2007
@@ -1,5 +1,5 @@
<?php
-// $Id: 5_2_4.php,v 1.1 2007/08/30 23:36:27 iliaa Exp $
+// $Id: 5_2_4.php,v 1.2 2007/08/31 12:37:21 iliaa Exp $
$_SERVER['BASE_PAGE'] = 'releases/5_2_4.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
site_header("PHP 5.2.4 Release Announcement");
@@ -21,10 +21,10 @@
<li>Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)</li>
<li>Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)</li>
<li>Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)</li>
- <li>Fixed integer overflow in str[c]spn(). (Reported by Stanislav Malyshev)</li>
+ <li>Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)</li>
<li>Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)</li>
<li>Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)</li>
- <li>Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Stanislav Malyshev)</li>
+ <li>Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)</li>
<li>Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)</li>
<li>Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)</li>
<li>Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)</li>
|