[arch-general] [Warning] Update your php installation
Pierre Schmitz
pierre at archlinux.de
Sun Dec 7 06:52:45 EST 2008
Hi all,
I wrote this mail to avoid any confusion about the last two updates of the php
package. For the lazy ones: Make sure to update to php-5.2.7-2
In detail: php-5.2.7-1 fixes some security issues. Imho the most serious one
is the following described by Stefan Esser:
http://www.suspekt.org/2008/12/05/php-527-and-ziparchiveextractto/
Other important changes are summarized in the official changelog which can be
found at: http://www.php.net/releases/5_2_7.php
Yesterday Jürgen Hötzel noticed that this new version of php breaks
magic_quote_gpc. (http://bugs.php.net/bug.php?id=46759) Well, it does not
quote anything when enabled.
Even though magic_quotes are disabled by default and shouldn't be used at all,
this is a serious bug for those who still use apps that rely on this feature.
I fixed this bug with the php-5.2.7-2 package. Especially those who have
magic_quotes enabled should update to this version. Maybe there will be
another upstream release soon.
Pierre
--
Pierre Schmitz
Clemens-August-Straße 76
53115 Bonn
Telefon 0228 9716608
Mobil 0160 95269831
Jabber pierre at jabber.archlinux.de
WWW http://www.archlinux.de
More information about the arch-general
mailing list