pajoye                                   Tue, 28 Sep 2010 13:30:30 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=303826

Log:
- Fixed possible flaw in open_basedir (CVE-2010-3436)

Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2010-09-28 13:30:20 UTC (rev 303825)
+++ php/php-src/branches/PHP_5_3/NEWS   2010-09-28 13:30:30 UTC (rev 303826)
@@ -13,8 +13,9 @@
 - Implemented symbolic links support for open_basedir checks. (Pierre)
 - Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)

+- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
+- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
 - Fixed symbolic resolution support when the target is a DFS share. (Pierre)
-- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
 - Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED.
   (Kalle)
 - Changed the $context parameter on copy() to actually have an effect. (Kalle)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to