Re: [PHP] PHP 4.4.9 Released!
Long live PHP4 *meheheheheh*
On Thu, 2008-08-07 at 22:47 +0200, Derick Rethans wrote:
The PHP development team would like to announce the immediate
availability of PHP 4.4.9. It continues to improve the security and the
stability of the 4.4 branch and all users are strongly encouraged to
upgrade to it as soon as possible. This release wraps up all the
outstanding patches for the PHP 4.4 series, and is therefore the last
PHP 4.4 release.
Security Enhancements and Fixes in PHP 4.4.9:
* Updated PCRE to version 7.7.
* Fixed overflow in memnstr().
* Fixed crash in imageloadfont when an invalid font is given.
* Fixed open_basedir handling issue in the curl extension.
* Fixed mbstring.func_overload set in .htaccess becomes global.
A separate release announcement is also available. For changes in PHP
4.4.9 since PHP 4.4.8, please consult the PHP 4 ChangeLog.
Release Announcement: http://www.php.net/release_4_4_9.php
http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org
Application and Templating Framework for PHP