#08-01 [@,PC]PHP 4 最後のリリース(になるか?)
PHP 4.4.9 released!出ちゃったよ…。changelogは以下のみ。
07-Aug-2008
- Updated PCRE to version 7.7.
- Fixed overflow in memnstr().
- Fixed crash in imageloadfont when an invalid font is given.
- Fixed open_basedir handling issue in the curl extension.
- Fixed bug #37421 (mbstring.func_overload set in .htaccess becomes global).
判明した分は以下に。
- Updated PCRE to version 7.7. - CVE-2008-2371 'DoS or execute arbitrary code' patched.
- CVE-2007-3799 cookie injection in session has NOT patched.
- CVE-2007-4850 cURL safe_mode bypass has NOT patched.
- CVE-2008-1384 integer overflow in printf() has NOT patched.
- CVE-2008-2051 checking argument number of escapeshellcmd() and escapeshellarg() has NOT patched.
- CVE-2008-2829 buffer overflow in IMAP request has NOT patched.
- #bug44720 prevent crash within session_register() has NOT patched.
- #bug44667 proc_open() does not handle pipes with the mode 'wb' has NOT patched.
$ diff -rubN -x NEWS -x configure -x pcre -x win32\* php4-4.4.8/php-4.4.8/ php4-4.4.9/php-4.4.9/ | diffstat Zend/zend_multibyte.c | 5 ++++- configure.in | 4 ++-- ext/curl/curl.c | 5 +++-- ext/domxml/domxml.dsp | 8 ++++---- ext/gd/gd.c | 15 ++++++++++++++- ext/gd/tests/imageloadfont_invalid.phpt | 26 ++++++++++++++++++++++++++ ext/mbstring/mbstring.c | 9 +++++++-- ext/standard/php_string.h | 6 +++++- ext/standard/tests/strings/explode_bug.phpt | 15 +++++++++++++++ main/php_compat.h | 4 ++-- main/php_version.h | 4 ++-- 11 files changed, 84 insertions(+), 17 deletions(-)とりあえずこんなとこです。あ、configure\* にすればよかった…
