stas Tue Sep 18 20:25:08 2007 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS Log: add dl() limit patch http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.954&r2=1.2027.2.547.2.955&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.954 php-src/NEWS:1.2027.2.547.2.955 --- php-src/NEWS:1.2027.2.547.2.954 Tue Sep 18 19:49:53 2007 +++ php-src/NEWS Tue Sep 18 20:25:07 2007 @@ -10,6 +10,8 @@ (Stas) - Fixed PDO crash when driver returns empty LOB stream. (Stas) - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas) +- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). + (Christian Hoffmann) - Fixed missing brackets leading to build warning and error in the log. Win32 code). (Andrey) - Fixed leaks with multiple connects on one mysqli object. (Andrey)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php