Date: Tue, 05 Jun 2007 07:18:51 -0400 From: madodel Subject: [VOICENWS] SW: PHP 5.2.3 Released ++ From the VOICE OS/2-eCS News Service http://www.os2voice.org ++ From: Paul Smedley Hi All, The below text is the official announcement for PHP 5.2.3 - I've just uploaded a build for OS/2 & eComStation to http://os2ports.smedley.info Cheers, Paul. -------- Original Message -------- Subject: [ANNOUNCE] PHP 5.2.3 Released Date: Thu, 31 May 2007 19:10:51 -0400 From: Ilia Alshanetsky To: php-announceDESPAM at DESPAMlists.php.net -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.3 - ---------------------------------------------------------------- * Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872) * Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756) * Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900) * Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath ()) (by bugs dot php dot net at chsc dot dk) * Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib. * Added mysql_set_charset() to allow runtime altering of connection encoding. The Key Improvements of PHP 5.2.3 Include - ------------------------------------------------------------ * Improved compilation of heredocs and interpolated strings. * Optimized out a couple of per-request syscalls. * Optimized digest generation in md5() and sha1() functions. * Fixed bug #41236 (Regression in timeout handling of non- blocking SSL connections during reads and writes) * Fixed bug #39542 (Behavior of require/include different to < 5.2.0) * Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler) * Fixed bug #41347 (checkdnsrr() segfaults on empty hostname) * Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input) * Fixed bug #41403 (json_decode cannot decode floats if localeconv decimal_point is not '.') * Fixed bug #41421 (Uncaught exception from a stream wrapper segfaults) * Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty string keys). * Over 40 bug fixes. For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here (http://www.php.net/migration52), detailing the changes between those releases and PHP 5.2.3. For a full list of changes in PHP 5.2.3, see the ChangeLog (http://www.php.net/ChangeLog-5.php#5.2.3). Ilia Alshanetsky 5.2 Release Master -- Warpstock 2007 - Where? http://www.warpstock.org Warpstock Europe - http://www.warpstock.net [Moderator's note: All posts are sent without guarantee to the accuracy of the content. We try to verify details and URLs but this is an entirely volunteer run list, so 100% fact checking and the quality/useability of products announced here is impossible. If you respond to this post please remove the DESPAM from the poster's email addresses. Please do not send requests for information about a specific post to the moderator unless it is an update or I sent it.] -- To unsubscribe yourself from this list, send the following message to majormajor at os2voice.org unsubscribe news your.email.address at here end Or, visit http://www.os2voice.org/MailingLists.html If you have an announcement you would like posted to the VOICE News list, please send it to submit at os2voice.org or go to http://www.os2voice.org/fSubNews.html . Please include a valid reply address and a real contact name. If you wish to comment on this post, please reply to feedback at os2voice.org