Source-Changes archive


CVS commit: doc



Module Name:    doc
Committed By:   jlam
Date:           Thu Feb 28 15:08:07 UTC 2002

Modified Files:
        doc: pkg-CHANGES

Log Message:
Update php3 and ap-php3 to 3.0.18nb1.  Changes from version 3.0.18 are
a security fix for a file-upload bug.

                        <===> SECURITY NOTE <===>

Note that the buffer overflow fix is a major security fix.  Quoting from
the security advisory at:

        http://security.e-matters.de/advisories/012002.html

"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfortunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.


To generate a diff of this commit:
cvs rdiff -r1.6075 -r1.6076 doc/pkg-CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



