These are the security fixes as shown in the current changelog at:
        http://www.php.net/ChangeLog-5.php

I chased down the CVS commit log messages against 5_2 for each of these.
Most of the fixes look relatively compact, with the exception of the
last, which is comparatively huge.

Version 5.2.6
01-May-2008 
      * Security Fixes 
              * Fixed possible stack buffer overflow in FastCGI SAPI.
                (Andrei Nigmatulin)  
                      * http://marc.info/?l=php-cvs&m=120721829703242&w=2
              * Properly address incomplete multibyte chars inside
                escapeshellcmd() (Ilia, Stefan Esser) 
                      * http://marc.info/?l=php-cvs&m=120579496007399&w=2
              * Fixed security issue detailed in CVE-2008-0599. (Rasmus)
                      * http://marc.info/?l=php-cvs&m=120415902925033&w=2
              * Fixed a safe_mode bypass in cURL identified by
                Maksymilian Arciemowicz. (Ilia)
                      * http://marc.info/?l=php-cvs&m=119963956428826&w=2
              * Upgraded PCRE to version 7.6 (Nuno)
                      * http://marc.info/?l=php-cvs&m=120163838831816&w=2
                      * Note, this is a very LARGE patch

:-Dustin

-- 
PHP 5.2.6 fixes important security bugs
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
