Packages of PHP 5.4.0 have been updated

Posted by & filed under PHP.

Now that PHP 5.4.0 packages have been published as preview, issues have to be fixed. That’s why these packages have been updated with the following changes : gzopen64() was wrongly introduced on the i386 architecture, instead of the regular gzopen(). It is now fixed. PCRE functions did not support Unicode. That’s ok now. APC has…

PHP 5.4.0 preview packages

Posted by & filed under PHP.

After many months of active development, PHP 5.4.0 is now generally available : The PHP development team is proud to announce the immediate release of PHP 5.4.0. This release is a major improvement in the 5.x series, which includes a large number of new features and bug fixes. Some of the key new features include: traits, a shortened…

Security update : PHP 5.3.10

Posted by & filed under PHP.

A few hours ago, PHP 5.3.10 was released by the PHP Group. It’s an important security update for PHP 5.3.9 users : Stefan Esser discovered a remotely exploitable bug, introduced with PHP 5.3.9’s max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible. Packages of PHP 5.3.10 are now available for : both Debian…

Advisory : buffer overflow in php5-suhosin

Posted by & filed under PHP.

A few days ago, Stefan Esser discovered a buffer overflow in the “transparent cookie encryption stack” of the Suhosin extension. Here is the full advisory. If you previously installed the php5-suhosin package, you should upgrade to its new fixed version (0.9.33) by running :

    apt-get update
    apt-get install --reinstall php5-suhosin

PHP 5.3.9

Posted by & filed under PHP.

On January 10th 2012, the PHP Group released PHP 5.3.9, which brings over 90 bug fixes, some of which are security related : Security Enhancements and Fixes in PHP 5.3.9: Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885) Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566) Key…

PHP 5.3.8 is available

Posted by & filed under PHP.

On August 18th, the PHP Group released PHP 5.3.7 with many security enhancements and many bugfixes. Sadly, it suffered from an issue with the crypt() function, forcing the PHP Group to publish PHP 5.3.8 (that fixes a mysqlnd issue with SSL connections too). I’m glad to announce that PHP 5.3.8 packages are now available on Dotdeb for both…

PHP 5.3.6 is available

Posted by & filed under PHP.

On March 17th, the PHP Group released PHP 5.3.6. This maintenance release, which focuses on security, is now available on Dotdeb for Debian 6.0 “Squeeze” in amd64 and i386 flavours. The compatibility with the official Debian packages has been improved and you (especially the FPM users) should really take care of some important changes that I…

Let’s monitor your PHP applications with Pinba

Posted by & filed under PHP.

Do you know Pinba? It’s a great tool and you really should use it on your LAMP platform. Pinba is a realtime monitoring/statistics server for PHP using MySQL as a read-only interface. It accumulates and processes data sent over UDP by multiple PHP processes and displays statistics in a nice human-readable form of simple “reports”, also…

PHP 5.3.5, now for Squeeze

Posted by & filed under PHP.

I just released PHP 5.3.5 packages for Debian 6.0 (a.k.a. “Squeeze”), with some changes compared to the Lenny ones : the packaging process has been improved : dependencies were cleaned up, PHP tests are now displayed, libtool 2.2 is now supported (thanks to the Debian team for their precious work) 3 new useful extensions have been…

You really should upgrade to PHP 5.3.5 or 5.2.17

Posted by & filed under PHP.

A few days after releasing PHP 5.3.4 and PHP 5.2.16, the PHP group announced an important security update with PHP 5.3.5 and PHP 5.2.17 : This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87…