[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS

Pierre-Alain Joye Wed, 14 Mar 2007 07:08:31 -0800

pajoye          Wed Mar 14 15:06:14 2007 UTC

  Modified files:              (Branch: PHP_4_4)
    /php-src    NEWS 
  Log:
  - add summary of the CVE
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.206&r2=1.1247.2.920.2.207&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.206 php-src/NEWS:1.1247.2.920.2.207
--- php-src/NEWS:1.1247.2.920.2.206     Wed Mar 14 14:49:28 2007
+++ php-src/NEWS        Wed Mar 14 15:06:13 2007
@@ -4,7 +4,8 @@
 - Fixed MOPB-21-2007 An open_basedir/safe_mode bypass inside the
   compress.bzip2 wraper. (Ilia)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
-- Fixed CVE-2007-0455 (Kees Cook, Pierre)
+- Fixed CVE-2007-0455, Buffer overflow in gdImageStringFTEx (used by imagettf
+  function) (Kees Cook, Pierre)
 - Fixed bug #40747 (possible crash in session when save_path is out of 
   open_basedir). (Tony)


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS

Reply via email to