Sunday, January 06, 2008

PHP 4 Updated

PHP team has updated PHP 4 series with the latest update, PHP 4.4.8 that contains patches for PHP 4 series which still come even though PHP 5 has been around for some time. Here are the changelog for PHP 4.4.8:
* Improved fix for MOPB-02-2007.

* Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.

* Fixed integer overlow in str[c]spn().

* Fixed regression in glob when open_basedir is on introduced by #41655 fix.

* Fixed money_format() not to accept multiple %i or %n tokens.

* Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.

* Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.

* Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).

* Fixed bug #43010 (Fixed regression in imagearc with two equivelent angles).

* Fixed bug #41765 (Recode crashes/does not work on amd64).

* Fixed bug #41630 (segfault when an invalid color index is present in the image data).

* Fixed bug #41628 (PHP settings leak between Virtual Hosts in Apache 1.3).

* Fixed bug #38798 (OpenSSL init corrected in php5 but not in php4).