Jump to content

Recommended Posts

The PHP development team would like to announce the immediateavailability of PHP 5.2.7. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release.

 

Security Enhancements and Fixes in PHP 5.2.7:

 

    * Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)

    * Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.

    * Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.

    * Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).

    * Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).

    * Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.

    * Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)

    * Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)

 

Further details about the PHP 5.2.7 release can be found in the release announcement for 5.2.7, the full list of changes is available in the ChangeLog for PHP 5.

 

Get it while it's hot! :)

Link to comment
https://forums.phpfreaks.com/topic/135628-php-527-released/
Share on other sites

Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released.

 

Or disable magic quotes for heaven's sake! :)

Link to comment
https://forums.phpfreaks.com/topic/135628-php-527-released/#findComment-709369
Share on other sites

Magic quotes WAS a security bug because it allowed bad and insecure code to function as though it was good and secure.

 

There is also increasing evidence in the type of new bugs getting into php versions that a few of the programmers/management at php.net are not paying proper attention/thinking or have the proper skills to be messing with the language. This magic quotes problem was the result of php6 code/operation leaking into the php5.2.x branch.

Link to comment
https://forums.phpfreaks.com/topic/135628-php-527-released/#findComment-709423
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.