pajoye Tue, 28 Sep 2010 13:30:30 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=303826
Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-09-28 13:30:20 UTC (rev 303825) +++ php/php-src/branches/PHP_5_3/NEWS 2010-09-28 13:30:30 UTC (rev 303826) @@ -13,8 +13,9 @@ - Implemented symbolic links support for open_basedir checks. (Pierre) - Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre) +- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) +- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre) - Fixed symbolic resolution support when the target is a DFS share. (Pierre) -- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre) - Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. (Kalle) - Changed the $context parameter on copy() to actually have an effect. (Kalle)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php