[UVF Exception] Sync php4 4.4.4 from Debian unstable
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
php4 (Ubuntu) | Fix Released | Medium | Adam Conrad |
Bug Description
Reason:
Excerpt from the Debian changelog:
* New upstream release [4.4.4]
  - Added missing safe_mode/
  - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
    systems.
  - Fixed possible open_basedir/
  - Fixed overflow in GD extension on invalid GIF images.
  - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020)
    (Closes: 382261)
  - Fixed memory_limit restriction on 64 bit system.
* New upstream release [4.4.3]
  - Disallow certain characters in session names. (CVE-2006-3016)
  - Fixed a bug that would allow variable to survive unset().
  - Fixed a buffer overflow inside the wordwrap() function.
  - Prevent jumps to parent directory via the 2nd parameter of
    the tempnam() function.
  - Improved safe_mode check for the error_log() function.
  - Fixed cross-site scripting inside the phpinfo() function.
diffstat between 4.4.2 and 4.4.4