[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS

Stanislav Malyshev Tue, 18 Sep 2007 13:25:21 -0700

stas            Tue Sep 18 20:25:08 2007 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    NEWS 
  Log:
  add dl() limit patch
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.954&r2=1.2027.2.547.2.955&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.954 php-src/NEWS:1.2027.2.547.2.955
--- php-src/NEWS:1.2027.2.547.2.954     Tue Sep 18 19:49:53 2007
+++ php-src/NEWS        Tue Sep 18 20:25:07 2007
@@ -10,6 +10,8 @@
   (Stas)
 - Fixed PDO crash when driver returns empty LOB stream. (Stas)
 - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)
+- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  (Christian Hoffmann)
 - Fixed missing brackets leading to build warning and error in the log.
   Win32 code). (Andrey)
 - Fixed leaks with multiple connects on one mysqli object. (Andrey)


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS

Reply via email to