Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:15829
Return-Path: <quanah@stanford.edu>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25397 invoked by uid 1010); 5 Apr 2005 22:30:39 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 25351 invoked by uid 1007); 5 Apr 2005 22:30:38 -0000
To: internals@lists.php.net, php-announce@lists.php.net
Date: Tue, 5 Apr 2005 15:30:37 -0700
Message-ID: <MPG.1cbcb158ecedaad0989681@news.php.net>
References: <424C709E.6000408@prohost.org>
Organization: Stanford University
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
User-Agent: MicroPlanet-Gravity/2.60.2060
X-Posted-By: 171.66.182.82
Subject: Re: PHP 4.3.11 & 5.0.4 Released!
From: quanah@stanford.edu (Quanah Gibson-Mount)

In article <424C709E.6000408@prohost.org>, ilia@prohost.org says...
> The PHP Development Team would like to announce the immediate release of 
> PHP 4.3.11 and 5.0.4.  These are maintenance releases that in addition 
> to fixing over 70 non-critical bugs, address several security issues. 
> The addressed security issues include fixes to the exif and fbsql 
> extensions, as well as fixes to unserialize(), swf_definepoly() and 
> getimagesize().
> 
> All users of PHP are strongly encouraged to upgrade to this release.
> 
> Aside from the above mentioned issues this release includes the 
> following important fixes:
> 
> * Crash in bzopen() if supplied path to non-existent file.
> * DOM crashing when attribute appended to Document.
> * unserialize() float problem on non-English locales.
> * Crash in msg_send() when non-string is stored without being serialized.
> * Possible infinite loop in imap_mail_compose().
> * Fixed crash in chunk_split(), when chunklen > strlen.
> * session_set_save_handler crashes PHP when supplied non-existent object 
> reference.
> * Memory leak in zend_language_scanner.c.
> * Compile failures of zend_strtod.c.
> * Fixed crash in overloaded objects & overload() function.
> * cURL functions bypass open_basedir.
> 
> The PHP Development Team would like to thank all the people who have 
> identified the security faults in PHP and helped us address them.

Hm, I thought this release was going to include bug #30819, after the 
discussion about that bug that was held on here... Is the fix for PHP's 
broken LDAP SASL behavior waiting on 5.1 instead?

--Quanah