These are the security fixes as shown in the current changelog at: http://www.php.net/ChangeLog-5.php
I chased down the CVS commit log messages against 5_2 for each of these. Most of the fixes look relatively compact, with the exception of the last, which is comparatively huge.
Version 5.2.6
01-May-2008
* Security Fixes
  * Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
    * http://marc.info/?l=php-cvs&m=120721829703242&w=2
  * Properly address incomplete multibyte chars inside escapeshellcmd() (Ilia, Stefan Esser)
    * http://marc.info/?l=php-cvs&m=120579496007399&w=2
  * Fixed security issue detailed in CVE-2008-0599. (Rasmus)
    * http://marc.info/?l=php-cvs&m=120415902925033&w=2
  * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (Ilia)
    * http://marc.info/?l=php-cvs&m=119963956428826&w=2
  * Upgraded PCRE to version 7.6 (Nuno)
    * http://marc.info/?l=php-cvs&m=120163838831816&w=2
    * Note, this is a very LARGE patch
:-Dustin