Posted by & filed under PHP.

On april 26th 2012, the PHP group has released PHP 5.3.11, that brings over 60 bug fixes, some of which are security related :

Security Enhancements and Fixes in PHP 5.3.11:

  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.
  • Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Key enhancements in PHP 5.3.11 include:

  • Added debug info handler to DOM objects.
  • Fixed bug #61172 (Add Apache 2.4 support).

Packages of PHP 5.3.11 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

17 Responses to “PHP 5.3.11”

  1. Eugene OZ

    Please, build package of PHP 5.4.1.
    Thank you very much for your work. It’s very important work for lot of people.

    Reply
  2. Tomas

    It looks like the php5-fpm is somewhat not working [at all]. Failing to start after this update.

    Reply
  3. Guillaume Plessis

    @Tomas : no problem here on dotdeb.org. Be sure to review your configuration files and please check your log files to know the cause of your problem.

    Reply
  4. Tomas

    @Guillaume @Eugene
    Sorry, I didn’t see your comments until now. Thank you for a quick response.

    That’s the point – no change has been done, except for updating the packages, and no logs are there, when trying to start php5-fpm… :-\

    Reply
  5. Tomas

    After hours of trying to find the issue, it crossed my mind to remove APC (pecl uninstall APC), and everything started working again.

    So, it looks like there is incompatibility between the latest PHP 5.3.11 and the latest APC. Beware!

    Reply
  6. Tomas

    APC needed to be rebuilt after the above hassle, but it is working fine now.

    Reply
  7. gavin

    I am getting the following error
    The following packages have unmet dependencies:
    php5-intl : Depends: libicu44 (>= 4.4.1-1) but it is not installable

    When installing php-intl from your repository

    Reply
  8. gavin

    The following packages have unmet dependencies:
    php5-intl : Depends: libicu44 (>= 4.4.1-1) but it is not installable

    Please note the operating system is ubuntu 12.04 64 bit edition i have set dot deb in repository

    Reply
    • Guillaume Plessis

      @gavin : as said before, Dotdeb is made for Debian, not for Ubuntu. Such dependency problem can occur, especially with the latest 12.04 release.

      My advice : stick to the PHP 5.3.10 Ubuntu packages. Remove Dotdeb from your sources.list.

      Reply
  9. x-f

    5.3.11 security update is out for CGI -> IMPOTANT. You can get the source of a website, like config and passwords.

    Reply

Leave a Reply

  • (will not be published)


+ 8 = seventeen