php-Announce archive @ ASPN

ezmlm warning

Hi! This is the ezmlm program. I'm managing
the
php-announce@... mailing list.


Messages to you from the php-announce mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.

If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the php-announce mailing list,
without further notice.


I've kept a list of which messages from the php-announce mailing list have 
bounced from your address.

Copies of these messages may be in the archive.
To retrieve a set of messages 123-145 (a maximum of 100 per request),
send an empty message to:
   
Received: (qmail 23463 invoked by uid 1010); 3 May 2006 22:19:12 -0000
Delivered-To: ezmlm-scan-php-announce-return-62-php-Announce-ml=activestate.com@...
Delivered-To: ezmlm-php-announce-return-62-php-announce-ml=activestate.com@...
Received: (qmail 23448 invoked from network); 3 May 2006 22:19:12 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 May 2006 22:19:12 -0000
Return-Path: <>
X-PHP-List-Original-Sender: @
X-Host-Fingerprint: 209.17.183.249 gw.activestate.com Linux 2.4/2.6
Received: from ([209.17.183.249:56475] helo=listserv.activestate.com)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id EB/C1-63443-E5C29544 for

[ANNOUNCE] PHP 4.4.2 released!

Hello!

The PHP Development Team would like to announce the immediate release of 
PHP 4.4.2. This is a maintenance release that addresses a number of 
minor security problems and fixes a few regressions that shown up in PHP 
4.4.1. All users of PHP 4 are recommended to upgrade to PHP 4.4.2.

A separate release announcement is also available. For changes in PHP 
4.4.2 since PHP 4.4.1, please consult the PHP 4 ChangeLog. 

Release Announcement: http://www.php.net/release_4_4_2.php
Downloads:	      http://www.php.net/downloads.php#v4
Changelog:	      http://www.php.net/ChangeLog-4.php#4.4.2

regards,
Derick

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[ANNOUNCE] PHP 5.1.2 Released!

The PHP development team is proud to
announce the release of PHP 5.1.2.
This release combines small feature enhancements with a fair number of
bug fixes and addresses three security issues. All PHP 5 users are
encouraged to upgrade to this release.

The security issues resolved include the following:

* HTTP Response Splitting has been addressed in ext/session and in the
header() function. Header() can no longer be used to send multiple
response headers in a single call.
* Format string vulnerability in ext/mysqli.
* Possible cross-site scripting problems in certain error conditions.

The feature enhancements include the following notables:

* Hash extension was added to core and is now enabled by default. This
extension provides support for most common hashing algorithms without
reliance on 3rd party libraries.
* XMLWriter was added and enabled by default.
* New OCI8 extension that includes numerous fixes.
* PNG compression support added to the GD extension.
* Added --enable-gcov configure option to enable C-level code coverage.
* getNamespaces() and getDocNamespaces() methods added to SimpleXML
extension.

The release also includes over 85 bug fixes with a focus on:

* Correction of the many regressions in the strtotime() function.
* Fixes of several crashes, leaks and memory corruptions found in the
imap, pdo, gd, mysqli, mcrypt and soap extensions.
* Corrected problems with the usage of SSI and virtual() in the Apache2
SAPI.
* Build fixes for iconv and sybase_ct extensions.
* Fixed the previously broken Sun(rise|set) functions.
* SQLite libraries upgraded to 2.8.17 and 3.2.8
* Win32 binaries now include libxml2-2.6.22 and libxslt-1.1.15.

The full details of the changes in PHP 5.1.2 can be found here:
http://www.php.net/ChangeLog-5.php#5.1.2


PHP Development Team.

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[ANNOUNCE] PHP 5.1.1 Released!

The PHP Development Team would like to
announce the immediate release of
PHP 5.1.1.

This is a regression correction release aimed at addressing several
issues that may cause issues for some applications. The main fixes
found in this release include the following:

* Native date class is withdrawn to prevent namespace conflict with
PEAR's date package.
* Fixed fatal parse error when the last line of the script is a PHP comment.
* eval() hangs when the code being evaluated ends with a comment.
* Usage of \{$var} in PHP 5.1.0 resulted in the output of {$var} instead
of the $var variable's value enclosed in {}.
* Fixed inconsistency in the format of PHP_AUTH_DIGEST between Apache 1
and 2 sapis.
* Improved safe_mode/open_basedir checks inside the cURL extension.

The full details of the changes in PHP 5.1.1 can be found here:
http://www.php.net/ChangeLog-5.php#5.1.1


PHP Development Team.

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[ANNOUNCE] Proposed 5.1 Release Announcement

The PHP development team is proud to
announce the release of PHP 5.1.
Some of the key features of PHP 5.1 include:

* A complete rewrite of date handling code, with improved timezone support.
* Significant performance improvements compared to PHP 5.0.X.
* PDO extension is now enabled by default.
* Over 30 new functions in various extensions and built-in functionality.
* Bundled libraries, PCRE and SQLite upgraded to latest versions.
* Over 400 various bug fixes.
* PEAR upgraded to version 1.4.5

The full details of the changes in PHP 5.1.0 can be found here:
http://www.php.net/ChangeLog-5.php#5.1.0

In addition to new features, this release includes a number of important
security fixes:

* Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo() that
could lead f.e. to cookie exposure, when a phpinfo() script is
accidentally left on a production server.
* Fixed multiple safe_mode/open_basedir bypass vulnerabilities in
ext/curl and ext/gd that could lead to exposure of files normally not
accessible due to safe_mode or open_basedir restrictions.
* Fixed a possible $GLOBALS overwrite problem in file upload handling,
extract() and import_request_variables() that could lead to unexpected
security holes in scripts assumed secure. (For more information, see here).
* Fixed a problem when a request was terminated due to memory_limit
constraints during certain parse_str() calls. In some cases this can
result in register_globals being turned on.
* Fixed an issue with trailing slashes in allowed basedirs. They were
ignored by open_basedir checks, so that specified basedirs were handled
as prefixes and not as full directory names.
* Fixed an issue with calling virtual() on Apache 2. This allowed
bypassing of certain configuration directives like safe_mode or
open_basedir.
* Updated to the latest pcrelib to fix a possible integer overflow
vulnerability announced in CAN-2005-2491.
* Possible header injection in mb_send_mail() function via the �??To�??
address, the first parameter of the function.

All users of PHP 5.0 and early adopters of 5.1 betas are strongly
advised to upgrade to 5.1 as soon as possible. An upgrade is available
at http://www.php.net/README_UPGRADE_51.php.

Enjoy,

PHP Development Team.

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[ANNOUNCE] PHP 4.4.1 has been released

Hello!

PHP 4.4.1 is now available for download [1]. This version is a 
maintenance release, that contains numerous bug fixes, including a 
number of security fixes related to the overwriting of the GLOBALS 
array. All users of PHP 4.3 and 4.4 are encouraged to upgrade to this 
version.

The full list of changes in PHP 4.4.1 is available in the PHP 4 
ChangeLog [2] and a list with the most important changes is available 
through the release announcement [3].

[1] http://php.net/downloads.php#v4
[2] http://php.net/ChangeLog-4.php#4.1.1
[3] http://php.net/release_4_4_1.php

regards,
Derick

-- 
http://derickrethans.nl | http://ez.no | http://xdebug.org

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[ANNOUNCE] PHP 4.4.0 Released!

Hello!

The PHP Development Team would like to announce the immediate release of 
PHP 4.4.0. This is a maintenance release that addresses a serious memory 
corruption problem within PHP concerning references. If references were 
used in a wrong way, PHP would often create memory corruptions which 
would not always surface and be visible. The increased middle digit was 
required because the fix that corrected the problem with references 
changed PHP's internal API. PHP 4.4.0 does not have any new features, 
and is solely a bugfix release.

A separate release announcement is also available. For changes in PHP 
4.4.0 since PHP 4.3.11, please consult the PHP 4 ChangeLog. 

Release Announcement: http://www.php.net/release_4_4_0.php
Downloads:	      http://www.php.net/downloads.php#v4
Changelog:	      http://www.php.net/ChangeLog-4.php#4.4.0

regards,
Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[ANNOUNCE] PHP 4.3.11 & 5.0.4 Released!

The PHP Development Team would like to
announce the immediate release of 
PHP 4.3.11 and 5.0.4.  These are maintenance releases that in addition 
to fixing over 70 non-critical bugs, address several security issues. 
The addressed security issues include fixes to the exif and fbsql 
extensions, as well as fixes to unserialize(), swf_definepoly() and 
getimagesize().

All users of PHP are strongly encouraged to upgrade to this release.

Aside from the above mentioned issues this release includes the 
following important fixes:

* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object 
reference.
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.

The PHP Development Team would like to thank all the people who have 
identified the security faults in PHP and helped us address them.

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[ANNOUNCE] PHP 4.3.10 & 5.0.3 Released!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

PHP Development Team would like to announce the immediate release of PHP
4.3.10 and 5.0.3. These are maintenance releases that in addition to
non-critical bug fixes address several very serious security issues.

These include the following:

CAN-2004-1018 - shmop_write() out of bounds memory write access.
CAN-2004-1018 - integer overflow/underflow in pack() and unpack() functions.
CAN-2004-1019 - possible information disclosure, double free and
negative reference index array underflow in deserialization code.
CAN-2004-1020 - addslashes not escaping \0 correctly.
CAN-2004-1063 - safe_mode execution directory bypass.
CAN-2004-1064 - arbitrary file access through path truncation.
CAN-2004-1065 - exif_read_data() overflow on long sectionname.
magic_quotes_gpc could lead to one level directory traversal with file
uploads.

All Users of PHP are strongly encouraged to upgrade to this release as
soon as possible.

Aside from the above mentioned issues this release includes the
following important fixes:

* Possible crash inside ftp_get().
* get_current_user() crashes on Windows.
* Possible crash in ctype_digit on large numbers.
* Crash when parsing ?getvariable[][.
* Possible crash in the curl_getinfo() function.
* Double free when openssl_csr_new fails.
* Crash when using unknown/unsupported session.save_handler and/or
session.serialize_handler.
* Prevent infinite recursion in url redirection.
* Ensure that temporary files created by GD are removed.
* Crash in fgetcsv() with negative length. (PHP 4 only)
* Improved performance of the foreach() construct. (PHP 4 only)
* Improved number handling on non-English locales.

PHP Development Team would like to thank all the people who have
identified the security faults in PHP and helped us to address them.


PHP Development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)

iD8DBQFBwKX6LKekh381/CERAvGXAJ0Z4bSEh1tb4uI5zW+XGmrvWLG+MACdG9yP
wqZ9fG0shu14u1bRshswk18=
=y2xQ
-----END PGP SIGNATURE-----

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

php-Announce archive @ ASPN

ezmlm warning

[ANNOUNCE] PHP 4.4.2 released!

[ANNOUNCE] PHP 5.1.2 Released!

[ANNOUNCE] PHP 5.1.1 Released!

[ANNOUNCE] Proposed 5.1 Release Announcement

[ANNOUNCE] PHP 4.4.1 has been released

[ANNOUNCE] PHP 4.4.0 Released!

[ANNOUNCE] PHP 4.3.11 & 5.0.4 Released!

[ANNOUNCE] PHP 4.3.10 & 5.0.3 Released!

Test 3