PHP 5.4.8 and PHP 5.3.18

Posted by & filed under PHP.

On october 18th 2012, the PHP group has released PHP 5.4.8 and PHP 5.3.18, that bring ~20 bug fixes. The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

PHP 5.4.7 and PHP 5.3.17

Posted by & filed under PHP.

On september 13th 2012, the PHP group has released PHP 5.4.7 and PHP 5.3.17, that bring ~20 bug fixes. The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures with the following changes : php5-suhosin is not a recommendation from php5-common anymore. php5-xcache now includes the admin web… Read more »

How to post useful bug reports

Posted by & filed under PHP.

With the latest two PHP updates, some users reported problems with FPM, with APC, etc… It was about segfaults, problematic init scripts, and so on… But all those comments couldn’t really help me to diagnose the problems in an efficient manner. Here are the pieces of information that you have to provide to help me… Read more »

PHP 5.4.6

Posted by & filed under PHP.

On august 16th 2012, the PHP group has released PHP 5.4.6, that brings 20 minor bug fixes. The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

PHP 5.3.16

Posted by & filed under PHP.

On august 16th 2012, the PHP group has released PHP 5.3.16, that brings 20 minor bug fixes. The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

PHP 5.4.5 and PHP 5.3.15

Posted by & filed under PHP.

On july 19th 2012, the PHP group has released PHP 5.4.5 and PHP 5.3.15, that bring over 30 bug fixes, including a fix for a security related overflow issue in the stream implementation. The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures (see the installation instructions). Please also… Read more »

PHP 5.3.14

Posted by & filed under PHP.

On june 14th 2012, the PHP group has released PHP 5.3.14, that brings over 30 bug fixes, some of which are security related : A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. Please also note that the use of php://fd streams is now restricted to the CLI… Read more »

Security : PHP 5.4.3 and PHP 5.3.13

Posted by & filed under PHP.

PHP 5.4.3 and PHP 5.3.13 have been released by the PHP development team to fix some critical security issues : Source code disclosure with a trivial request (CVE-2012-1823 and CVE-2012-2311) –  PHP 5.4 and 5.3 are vulnerable buffer overflow in apache_request_headers() (CVE-2012-2329) – only PHP 5.4 is vulnerable. If you’re using the CGI flavor of PHP, upgrading… Read more »

PHP 5.4.1

Posted by & filed under PHP.

On april 26th 2012, the PHP group has released PHP 5.4.1 too, that brings over 60 bug fixes, some of which are security related : Security Enhancements and Fixes in PHP 5.4.1: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Key enhancements in… Read more »

PHP 5.3.11

Posted by & filed under PHP.

On april 26th 2012, the PHP group has released PHP 5.3.11, that brings over 60 bug fixes, some of which are security related : Security Enhancements and Fixes in PHP 5.3.11: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Fixed bug #61043 (Regression… Read more »