PHP 5.3.11

Posted by & filed under PHP.

On April 26th, 2012, the PHP Group released PHP 5.3.11, which brings over 60 bug fixes, some of which are security-related: Security Enhancements and Fixes in PHP 5.3.11: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Fixed bug #61043 (Regression… Read more »

Packages of PHP 5.4.0 have been updated

Now that PHP 5.4.0 packages have been published as a preview, issues have to be fixed. That’s why these packages have been updated with the following changes: gzopen64() was wrongly introduced on the i386 architecture, instead of the regular gzopen(). It is now fixed. PCRE functions did not support Unicode. That’s ok now. APC has… Read more »

PHP 5.4.0 preview packages

After many months of active development, PHP 5.4.0 is now generally available: The PHP development team is proud to announce the immediate release of PHP 5.4.0. This release is a major improvement in the 5.x series, which includes a large number of new features and bug fixes. Some of the key new features include: traits, a shortened… Read more »

Security update: PHP 5.3.10

A few hours ago, PHP 5.3.10 was released by the PHP Group. It’s an important security update for PHP 5.3.9 users: Stefan Esser discovered a remotely exploitable bug, introduced with PHP 5.3.9’s max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible. Packages of PHP 5.3.10 are now available for: both Debian… Read more »

Advisory: buffer overflow in php5-suhosin

A few days ago, Stefan Esser discovered a buffer overflow in the “transparent cookie encryption stack” of the Suhosin extension. Here is the full advisory. If you previously installed the php5-suhosin package, you should upgrade to its new fixed version (0.9.33) by running:

    apt-get update
    apt-get install --reinstall php5-suhosin

PHP 5.3.9

On January 10th, 2012, the PHP Group released PHP 5.3.9, which brings over 90 bug fixes, some of which are security-related: Security Enhancements and Fixes in PHP 5.3.9: Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885) Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566) Key… Read more »

PHP 5.3.8 is available

On August 18th, the PHP Group released PHP 5.3.7 with many security enhancements and many bugfixes. Sadly, it suffered from an issue with the crypt() function, forcing the PHP Group to publish PHP 5.3.8 (which also fixes a mysqlnd issue with SSL connections). I’m glad to announce that PHP 5.3.8 packages are now available on Dotdeb for both… Read more »

PHP 5.3.6 is available

On March 17th, the PHP Group released PHP 5.3.6. This maintenance release, which focuses on security, is now available on Dotdeb for Debian 6.0 “Squeeze” in amd64 and i386 flavours. The compatibility with the official Debian packages has been improved and you (especially the FPM users) should really take care of some important changes that I… Read more »

PHP 5.3.5, now for Squeeze

I just released PHP 5.3.5 packages for Debian 6.0 (a.k.a. “Squeeze”), with some changes compared to the Lenny ones: the packaging process has been improved: dependencies were cleaned up, PHP tests are now displayed, libtool 2.2 is now supported (thanks to the Debian team for their precious work) 3 new useful extensions have been… Read more »

You really should upgrade to PHP 5.3.5 or 5.2.17

A few days after releasing PHP 5.3.4 and PHP 5.2.16, the PHP Group announced an important security update with PHP 5.3.5 and PHP 5.2.17: This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87… Read more »