Newsgroups: php.announce,php.internals Path: news.php.net Xref: news.php.net php.announce:55 php.internals:15708 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 39062 invoked by uid 1010); 31 Mar 2005 21:51:27 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 38750 invoked from network); 31 Mar 2005 21:51:11 -0000 Received: from unknown (HELO centras.lt) (127.0.0.1) by localhost with SMTP; 31 Mar 2005 21:51:11 -0000 X-Host-Fingerprint: 70.85.46.36 unknown Received: from ([70.85.46.36:34506] helo=prohost.org) by pb1.pair.com (ecelerity HEAD r(5268)) with SMTP id 67/65-22409-FC07C424 for ; Thu, 31 Mar 2005 16:51:11 -0500 Received: (qmail 3927 invoked from network); 31 Mar 2005 21:50:23 -0000 Received: from host.239.172.mtl.residential.vdn.ca (HELO ?192.168.26.12?) (64.254.239.172) by prohost.org with SMTP; 31 Mar 2005 21:50:23 -0000 Message-ID: <424C709E.6000408@prohost.org> Date: Thu, 31 Mar 2005 16:50:22 -0500 User-Agent: Mozilla Thunderbird 1.0 - [MOOX M3] (Windows/20041208) X-Accept-Language: en-us, en MIME-Version: 1.0 To: php-announce@lists.php.net, PHP Internals List , general@lists.php.net X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: PHP 4.3.11 & 5.0.4 Released! From: ilia@prohost.org (Ilia Alshanetsky) The PHP Development Team would like to announce the immediate release of PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition to fixing over 70 non-critical bugs, address several security issues. The addressed security issues include fixes to the exif and fbsql extensions, as well as fixes to unserialize(), swf_definepoly() and getimagesize(). All users of PHP are strongly encouraged to upgrade to this release. Aside from the above mentioned issues this release includes the following important fixes: * Crash in bzopen() if supplied path to non-existent file. * DOM crashing when attribute appended to Document. * unserialize() float problem on non-English locales. * Crash in msg_send() when non-string is stored without being serialized. * Possible infinite loop in imap_mail_compose(). * Fixed crash in chunk_split(), when chunklen > strlen. * session_set_save_handler crashes PHP when supplied non-existent object reference. * Memory leak in zend_language_scanner.c. * Compile failures of zend_strtod.c. * Fixed crash in overloaded objects & overload() function. * cURL functions bypass open_basedir. The PHP Development Team would like to thank all the people who have identified the security faults in PHP and helped us address them.