On April 26th 2012, the PHP group also released PHP 5.4.1, which brings over 60 bug fixes, some of which are security related: Security Enhancements and Fixes in PHP 5.4.1: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Key enhancements in…
Monthly Archives: April 2012
PHP 5.3.11
On April 26th 2012, the PHP group released PHP 5.3.11, which brings over 60 bug fixes, some of which are security related: Security Enhancements and Fixes in PHP 5.3.11: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Fixed bug #61043 (Regression…
Redis 2.4.12
Redis 2.4.12 has been released with these changes: [BUGFIX] Limit the amount of memory consumed by the slow log. [BUGFIX] --test-memory option fixes. [BUGFIX] Less false positives in tests. The upgrade urgency is low if you don’t experience any of the fixed problems. The packages of Redis 2.4.12 are now available for Debian 6.0…
Nginx 1.2.0 with Naxsi 0.45 and Passenger 3.0.12
Dotdeb’s packages of the long-awaited Nginx 1.2.0 are now available for Debian 6.0 “Squeeze” (amd64/i386) in five flavors: nginx-light, nginx-naxsi, nginx-full, nginx-passenger and nginx-extras. This is a major release with a lot of improvements since the former 1.0 branch. Please take a look at Nginx’s official Changelog before upgrading. On the Dotdeb side: Naxsi,…
Passenger 3.0.12
Packages of Passenger 3.0.12 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Here is the announcement from Phusion’s blog: Phusion Passenger is an Apache and Nginx module for deploying Ruby web applications. It has a strong focus on ease of use, stability and performance. Phusion Passenger is built on top…
Redis 2.4.11
Redis 2.4.11 has been released with these changes: [BUGFIX] Fixed a problem with aeWait() implementation. May cause a crash under non easy to replicate conditions. See issue #267 on GitHub. [BUGFIX] SORT with GET/BY option fetching expiring keys fixed. Issue #460. [BUGFIX] INFO field master_link_down_since_seconds initialized correctly. [FEATURE] redis-cli back ported from Redis unstable….
MySQL 5.5.23
The packages of MySQL 5.5.23 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures with no major change except bug fixes. As usual, please read the full Changelog carefully before upgrading.
Percona toolkit 2.1.1
Percona toolkit 2.1.1 is now available on Dotdeb for Debian 6.0 “Squeeze”. You’ll find its Changelog here. 2.1 introduces a lot of new code for: pt-online-schema-change (completely redesigned), pt-mysql-summary (completely redesigned), pt-summary (completely redesigned), pt-fingerprint (new tool), pt-table-usage (new tool). Baron Schwartz also wrote a blog post that presents pt-online-schema-change, a new and useful online schema…
Security: Nginx 1.0.15
Nginx 1.0.15 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix a buffer overflow in the ngx_http_mp4_module: Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley….
Nginx with 2 new flavors: Naxsi & Passenger
Dotdeb’s packages of Nginx 1.0.14 for Debian 6.0 “Squeeze” (amd64/i386) have been synchronized with Debian’s ones to benefit from the great work of Cyril Lavier. As a consequence, two new flavors of Nginx are now available, in addition to the regular nginx-light, nginx-full and nginx-extras packages: nginx-naxsi inherits from nginx-light with a great new…