Commit:    4608e271ccf164e37f3b5dd67185f33459a5ce57
Author:    Stanislav Malyshev <[email protected]>         Sun, 18 Aug 2013 14:45:19 -0700
Parents:   0a5529f0b957cf19f1b593e0f5033b5475722285
Branches:  master

Link:      http://git.php.net/?p=web/php.git;a=commitdiff;h=4608e271ccf164e37f3b5dd67185f33459a5ce57

Log:
add CVE for session fixation - CVE-2011-4718

Changed paths:
  M  ChangeLog-5.php
  M  archive/entries/2013-08-16-1.xml
  M  releases/5_5_2.php


Diff:
diff --git a/ChangeLog-5.php b/ChangeLog-5.php
index a1007b2..6d87f94 100644
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -53,7 +53,7 @@ function peclbugl($number)   { echo "<a 
href=\"http://pecl.php.net/bugs/bug.php?
 </ul></li>
 <li>Sessions:
 <ul>
-  <li>Implemented strict sessions RFC 
(https://wiki.php.net/rfc/strict_sessions) which protects against session 
fixation attacks and session collisions.</li>
+  <li>Implemented strict sessions RFC 
(https://wiki.php.net/rfc/strict_sessions) which protects against session 
fixation attacks and session collisions (CVE-2011-4718).</li>
   <li>Fixed possible buffer overflow under Windows. Note: Not a security 
fix.</li>
   <li>Changed session.auto_start to PHP_INI_PERDIR.</li>
 </ul></li>
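Review bot: The CVE id on the "Implemented strict sessions RFC" line sits inside a feature entry, and the entry does not say whether the protection is active after upgrading or has to be switched on. The next item already carries an explicit "Note: Not a security fix.", so a matching note here (for example "Note: Security fix." plus any setting the RFC requires) would let readers scanning the Sessions list for security changes find CVE-2011-4718 and know what action is needed.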
diff --git a/archive/entries/2013-08-16-1.xml b/archive/entries/2013-08-16-1.xml
index 0f084c0..809f2f9 100644
--- a/archive/entries/2013-08-16-1.xml
+++ b/archive/entries/2013-08-16-1.xml
@@ -11,7 +11,7 @@
   <content type="xhtml">
     <div xmlns="http://www.w3.org/1999/xhtml";>
      <p>The PHP development team announces the immediate availability of PHP
-     5.5.2. About 20 bugs were fixed, including security issue in OpenSSL 
module (CVE-2013-4248).
+     5.5.2. About 20 bugs were fixed, including security issue in OpenSSL 
module (CVE-2013-4248) and session fixation problem (CVE-2011-4718).
      All users of PHP are encouraged to upgrade to this release.</p>
      
      <p>For source downloads of PHP 5.5.2 please visit our <a 
href="http://www.php.net/downloads.php";>downloads page</a>,
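Review bot: Only the text inside the content element changes for the already dated entry 2013-08-16-1.xml. If the entry carries an updated timestamp elsewhere in the file, it should be bumped in the same commit so feed consumers that cached the original announcement pick up the added CVE-2011-4718 reference. The added phrase also reads better with articles: "a security issue in the OpenSSL module (CVE-2013-4248) and a session fixation problem (CVE-2011-4718)".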
diff --git a/releases/5_5_2.php b/releases/5_5_2.php
index 8c14e59..b59b0c3 100644
--- a/releases/5_5_2.php
+++ b/releases/5_5_2.php
@@ -8,7 +8,7 @@ site_header("PHP 5.5.2 Release Announcement");
 <h1>PHP 5.5.2 Release Announcement</h1>
 
 <p>The PHP development team announces the immediate availability of PHP
-5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module 
(CVE-2013-4248).
+5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module 
(CVE-2013-4248) and session fixation problem (CVE-2011-4718).
 All users of PHP are encouraged to upgrade to this release.</p>
 
 <p>For source downloads of PHP 5.5.2 please visit our <a 
href="http://www.php.net/downloads.php";>downloads page</a>,
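Review bot: The added "session fixation problem (CVE-2011-4718)" gives readers of the announcement no pointer to the change that addresses it, while the ChangeLog entry in this same commit ties the CVE to https://wiki.php.net/rfc/strict_sessions. Linking the RFC or the ChangeLog from this sentence would close that gap. The sentence is also a hand-maintained copy of the one in archive/entries/2013-08-16-1.xml, so any wording fix should be applied to both files together.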


--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
