Fedora alert FEDORA-2010-4212 (php)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 12 Update: php-5.3.2-1.fc12 | |
| Date: | Thu, 25 Mar 2010 22:26:58 +0000 | |
| Message-ID: | <20100325222658.484E810F9B9@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-4212 2010-03-11 07:03:40 -------------------------------------------------------------------------------- Name : php Product : Fedora 12 Version : 5.3.2 Release : 1.fc12 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. -------------------------------------------------------------------------------- Update Information: This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2: - Improved LCG entropy. (Rasmus, Samy Kamkar) - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia) Key Bug Fixes in PHP 5.3.2 include: - Added support for SHA-256 and SHA-512 to php's crypt. - Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. - Fixed bug #51059 (crypt crashes when invalid salt are given). - Fixed bug #50940 Custom content-length set incorrectly in Apache sapis. - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). - Fixed bug #50723 (Bug in garbage collector causes crash). - Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). - Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). - Fixed bug #50540 (Crash while running ldap_next_reference test cases). - Fixed bug #49851 (http wrapper breaks on 1024 char long headers). - Over 60 other bug fixes. Full upstream changelog: http://www.php.net/ChangeLog-5.php#5.3.2 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2010 Remi Collet <Fedora@famillecollet.com> 5.3.2-1 - PHP 5.3.2 Released! - remove mime_magic option (now provided by fileinfo, by emu) - add patch for http://bugs.php.net/50578 - remove patch for libedit (upstream) - add runselftest option to allow build without test suite * Fri Nov 20 2009 Remi Collet <Fedora@famillecollet.com> 5.3.1-1 - update to 5.3.1 - remove openssl patch (merged upstream) - add provides for php-pecl-json - add prod/devel php.ini in doc * Tue Nov 17 2009 Tom "spot" Callaway <tcallawa@redhat.com> - 5.3.0-7 - use libedit instead of readline to resolve licensing issues -------------------------------------------------------------------------------- References: [ 1 ] Bug #570769 - php-5.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=570769 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...