The PHP development team reports:
Security Enhancements and Fixes in PHP 5.2.2 and PHP
4.4.7:
- Fixed CVE-2007-1001, GD wbmp used with invalid image
size
- Fixed asciiz byte truncation inside mail()
- Fixed a bug in mb_parse_str() that can be used to
activate register_globals
- Fixed unallocated memory access/double free in in
array_user_key_compare()
- Fixed a double free inside session_regenerate_id()
- Added missing open_basedir & safe_mode checks to zip://
and bzip:// wrappers.
- Limit nesting level of input variables with
max_input_nesting_level as fix for.
- Fixed CRLF injection inside ftp_putcmd().
- Fixed a possible super-global overwrite inside
import_request_variables().
- Fixed a remotely trigger-able buffer overflow inside
bundled libxmlrpc library.
Security Enhancements and Fixes in PHP 5.2.2 only:
- Fixed a header injection via Subject and To parameters
to the mail() function
- Fixed wrong length calculation in unserialize S
type.
- Fixed substr_compare and substr_count information
leak.
- Fixed a remotely trigger-able buffer overflow inside
make_http_soap_request().
- Fixed a buffer overflow inside
user_filter_factory_create().
Security Enhancements and Fixes in PHP 4.4.7 only: