返回上一页  首页 | cnbeta报时: 23:09:35
PHP 5.4.4 和 5.3.14 安全更新
发布日期:2012-06-15 18:52:49  稿源:

PHP 5.4.14和5.3.14发布,更新日期2012-06-15 。
上个版本是2012-05-08的5.4.3/5.3.13修正了30多个Bug以及几个安全漏洞。
The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension.PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI

更新列表:
Version 5.4.4
06-June-2012
  • CLI SAPI
  • Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions)
  • Improved performance while sending error page, this also fixed bug Fixed bug #61785 (Memory leak when access a non-exists file without router)
  • Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)
  • Core
  • Fixed missing bound check in iptcparse()
  • Fixed CVE-2012-2143
  • Fixed bug #62097 (fix for for bug #54547)
  • Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
  • Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable)
  • Fixed bug #61991 (long overflow in realpath_cache_get())
  • Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config)
  • Fixed bug #61827 (incorrect e processing on Windows)
  • Fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls)
  • Fixed bug #61761 ('Overriding' a private static method with a different signature causes crash)
  • Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference)
  • Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown phase)
  • Fixed bug #61660 (bin2hex(hex2bin($data)) != $data)
  • Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2))
  • Fixed bug #61605 (header_remove() does not remove all headers)
  • Fixed bug #54547 (wrong equality of string numbers)
  • Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
  • Changed php://fd to be available only for CLI
  • CURL
  • Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
  • COM
  • Fixed bug #62146 com_dotnet cannot be built shared
  • Fileinfo
  • Fixed bug #61812 (Uninitialised value used in libmagic)
  • FPM
  • Fixed bug #61812 (Uninitialised value used in libmagic)
  • Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
  • Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read()
  • Iconv
  • Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
  • Intl
  • Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()
  • JSON
  • Fixed bug #61537 (json_encode() incorrectly truncates/discards information)
  • LibXML
  • Fixed bug #61617 (Libxml tests failed(ht is already destroyed))
  • PDO
  • Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations)
  • Phar
  • Fixed bug #61065 (Secunia SA44335) (CVE-2012-2386)
  • Streams
  • Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)
  • zlib
  • Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression)
  • Fixed bug #61443 (can't change zlib.output_compression on the fly)
  • Fixed bug #60761 (zlib.output_compression fails on refresh)


    • Version 5.3.14
    06-June-2012
  • CLI SAPI
  • Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)
  • Core
  • Fixed CVE-2012-2143
  • Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
  • Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference)
  • Fixed missing bound check in iptcparse()
  • Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64)
  • Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
  • Fixed bug #61713 (Logic error in charset detection for htmlentities)
  • Fixed bug #61991 (long overflow in realpath_cache_get())
  • Changed php://fd to be available only for CLI.
  • CURL
  • Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
  • COM
  • Fixed bug #62146 com_dotnet cannot be built shared
  • Fileinfo
  • Fixed bug #61812 (Uninitialised value used in libmagic)
  • Iconv
  • Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
  • Intl
  • Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()
  • JSON
  • Fixed bug #61537 (json_encode() incorrectly truncates/discards information)
  • PDO
  • Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations)
  • Phar
  • Fixed bug #61065 (Secunia SA44335)
  • Streams
  • Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)

    • 下载:
    http://cn.php.net/distributions/php-5.4.4.tar.bz2
    http://cn.php.net/distributions/php-5.3.14.tar.bz2
    我们在FebBox(https://www.febbox.com/cnbeta) 开通了新的频道,更好阅读体验,更及时更新提醒,欢迎前来阅览和打赏。
    查看网友评论   返回完整版观看
    最新资讯
    今日最热

    返回上一页  首页 | cnbeta报时: 23:09:35

    文字版  标准版  电脑端

    © 2003-2025