PHP team has updated PHP 4 series with the latest update, PHP 4.4.8 that contains patches for PHP 4 series which still come even though PHP 5 has been around for some time. Here are the changelog for PHP 4.4.8:
* Improved fix for MOPB-02-2007.
* Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
* Fixed integer overlow in str[c]spn().
* Fixed regression in glob when open_basedir is on introduced by #41655 fix.
* Fixed money_format() not to accept multiple %i or %n tokens.
* Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
* Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.
* Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
* Fixed bug #43010 (Fixed regression in imagearc with two equivelent angles).
* Fixed bug #41765 (Recode crashes/does not work on amd64).
* Fixed bug #41630 (segfault when an invalid color index is present in the image data).
* Fixed bug #41628 (PHP settings leak between Virtual Hosts in Apache 1.3).
* Fixed bug #38798 (OpenSSL init corrected in php5 but not in php4).
It is good to know that updates for PHP4 are virtually at an end now (I think this was the last scheduled release) and we can all start concentrating on PHP5
ReplyDelete