[Buildroot] [PATCH] [SECURITY] Bump php to 5.2.14

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Fri Aug 13 10:40:19 UTC 2010


On Thu, 12 Aug 2010 10:15:37 -0300
Gustavo Zacarias <gustavo at zacarias.com.ar> wrote:

> * Rewrote var_export() to use smart_str rather than output buffering,
> prevents data disclosure if a fatal error occurs.
> * Fixed a possible interruption array leak in
> strrchr().(CVE-2010-2484)
> * Fixed a possible interruption array leak in strchr(), strstr(),
> substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),
> trim().
> * Fixed a possible memory corruption in substr_replace().
> * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
> * Fixed a possible stack exaustion inside fnmatch().
> * Fixed a NULL pointer dereference when processing invalid XML-RPC
> requests (Fixes CVE-2010-0397, bug #51288).
> * Fixed handling of session variable serialization on certain prefix
> characters.
> * Fixed a possible arbitrary memory access inside sqlite extension.
> Reported by Mateusz Kocielski.

Thanks, applied to for-2008.11.

Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.

More information about the buildroot mailing list