Bug 1009 - [SECURITY] Bump php to 5.2.12
Summary: [SECURITY] Bump php to 5.2.12
Status: RESOLVED FIXED
Alias: None
Product: buildroot
Classification: Unclassified
Component: Outdated package
Version: unspecified
Hardware: PC Linux
Importance: P5 normal
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-29 13:08 UTC by Gustavo Zacarias
Modified: 2010-01-29 14:01 UTC

See Also:
Host: i686-linux
Target: arm-softfloat-linux
Build:


Attachments
Bump php to 5.2.12 (726 bytes, patch)
2010-01-29 13:08 UTC, Gustavo Zacarias

Description Gustavo Zacarias 2010-01-29 13:08:07 UTC
Created attachment 1009
Bump php to 5.2.12

PHP 5.2.12 fixes several security issues:

* Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)

* Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)

* Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)

* Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)

* Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Comment 1 Peter Korsgaard 2010-01-29 14:01:29 UTC
Committed, thanks