On Wed, Jan 11, 2012 at 1:58 PM, Thomas Gries <[email protected]> wrote:
> On 11.01.2012 19:42, Chad wrote:
> > A new PHP version 5.3.9 has been released, see
> > http://www.php.net/archive/2012.php#id2012-01-11-1
> > The page says "All users are strongly encouraged to upgrade to PHP 5.3.9."
> >
> > They said almost the same thing for 5.3.1 too[0], and look how well that
> > turned out ;-)
>
> Security Enhancements and Fixes in PHP 5.3.9:
>
> * Added max_input_vars directive to prevent attacks based on hash
>   collisions. (CVE-2011-4885)
> * Fixed bug #60150 (Integer overflow during the parsing of invalid
>   exif header). (CVE-2011-4566)

Which can be easily backported

-- John

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
