Subject: CVS commit: pkgsrc/www/php4
To: None <pkgsrc-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: pkgsrc-changes
Date: 08/20/2006 09:44:59
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Aug 20 09:44:59 UTC 2006
Modified Files:
pkgsrc/www/php4: Makefile.common distinfo
Removed Files:
pkgsrc/www/php4/patches: patch-aw
Log Message:
PHP 4.4.4 Release Announcement
This release address a series of locally exploitable security problems
discovered since PHP 4.4.3. All PHP users are encouraged to upgrade to this
release as soon as possible.
This release provides the following security fixes:
* Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed memory_limit restriction on 64 bit system.
To generate a diff of this commit:
cvs rdiff -r1.53 -r1.54 pkgsrc/www/php4/Makefile.common
cvs rdiff -r1.56 -r1.57 pkgsrc/www/php4/distinfo
cvs rdiff -r1.1 -r0 pkgsrc/www/php4/patches/patch-aw
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.