Publish PHP 5.1.4 security fixes for dapper
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php5 (Ubuntu) |
Fix Released
|
Medium
|
Adam Conrad |
Bug Description
Hello,
PHP 5.1.3 is out
http://
A lot a security issues has been resolved :
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare() function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
Also some minor improvements and bug fixes.
I think it should be in Dapper, because it will be a LTS release, it must have at least the last version by default.
Thanks.
Changed in php5: | |
assignee: | ubuntu-security → pitti |
i assign thi to the security team.
I hope this was not for the motu-uvf ...