PHP发布5.4.4 和 5.3.14版本涉及安全更新
2012-06-17 23:53:02   来源:我爱运维网   评论:0 点击:

2012-06-15新发布了PHP的5.4.14和5.3.14版本。上个版本是2012-05-08的5.4.3/5.3.13.本次新版延修复了多个及安全漏洞及修正30多处Bugs。完整...

2012-06-15新发布了PHP的5.4.14和5.3.14版本。上个版本是2012-05-08的5.4.3/5.3.13.本次新版延修复了多个及安全漏洞及修正30多处Bugs。

完整的变更摘要:

版本5.4.4

 

  • CLI SAPI
    • Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions)
    • Improved performance while sending error page, this also 修复bug 修复bug#61785 (Memory leak when access a non-exists file without router)
    • 修复bug #61546 (functions related to current script failed when chdir() in cli sapi)
  • Core
    • 修复missing bound check in iptcparse()
    • 修复CVE-2012-2143
    • 修复bug #62097 (fix for for bug #54547)
    • 修复bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
    • 修复bug #61978 (Object recursion not detected for classes that implement JsonSerializable)
    • 修复bug #61991 (long overflow in realpath_cache_get())
    • 修复bug #61922 (ZTS build doesn't accept zend.script_encoding config)
    • 修复bug #61827 (incorrect \e processing on Windows)
    • 修复bug #61782 (__clone/__destruct do not match other methods when checking access controls)
    • 修复bug #61761 ('Overriding' a private static method with a different signature causes crash)
    • 修复bug #61730 (Segfault from array_walk modifying an array passed by reference)
    • 修复bug #61728 (PHP crash when calling ob_start in request_shutdown phase)
    • 修复bug #61660 (bin2hex(hex2bin($data)) != $data)
    • 修复bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2))
    • 修复bug #61605 (header_remove() does not remove all headers)
    • 修复bug #54547 (wrong equality of string numbers)
    • 修复bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
    • Changed php://fd to be available only for CLI
  • CURL
    • 修复bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
  • COM
    • 修复bug #62146 com_dotnet cannot be built shared
  • Fileinfo
    • 修复bug #61812 (Uninitialised value used in libmagic)
  • FPM
    • 修复bug #61812 (Uninitialised value used in libmagic)
    • 修复bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
    • 修复bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read()
  • Intl
    • 修复bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()
  • JSON
    • 修复bug #61537 (json_encode() incorrectly truncates/discards information)
  • LibXML
    • 修复bug #61617 (Libxml tests failed(ht is already destroyed))
  • PDO
    • 修复bug #61755 (A parsing bug in the prepared statements can lead to access violations)
  • Phar
    • 修复bug #61065 (Secunia SA44335) (CVE-2012-2386)
  • Streams
    • 修复bug #61961 (file_get_contents leaks when access empty file with maxlen set)
  • zlib
    • 修复bug #61820 (using ob_gzhandler will complain about headers already sent when no compression)
    • 修复bug #61443 (can't change zlib.output_compression on the fly)
    • 修复bug #60761 (zlib.output_compression fails on refresh)

 

版本5.3.14

 

  • CLI SAPI
    • 修复bug #61546 (functions related to current script failed when chdir() in cli sapi)
  • Core
    • 修复CVE-2012-2143
    • 修复bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
    • 修复bug #61730 (Segfault from array_walk modifying an array passed by reference)
    • 修复missing bound check in iptcparse()
    • 修复bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64)
    • 修复bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
    • 修复bug #61713 (Logic error in charset detection for htmlentities)
    • 修复bug #61991 (long overflow in realpath_cache_get())
    • Changed php://fd to be available only for CLI.
  • CURL
    • 修复bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
  • COM
    • 修复bug #62146 com_dotnet cannot be built shared
  • Fileinfo
    • 修复bug #61812 (Uninitialised value used in libmagic)
  • Intl
    • 修复bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()
  • JSON
    • 修复bug #61537 (json_encode() incorrectly truncates/discards information)
  • PDO
    • 修复bug #61755 (A parsing bug in the prepared statements can lead to access violations)
  • Phar
    • 修复bug #61065 (Secunia SA44335)
  • Streams
    • 修复bug #61961 (file_get_contents leaks when access empty file with maxlen set)

PHP的5.4.14和5.3.14版本下载链接:

http://cn.php.net/distributions/php-5.4.4.tar.bz2

http://cn.php.net/distributions/php-5.3.14.tar.bz2

相关热词搜索:php 发布 安全

上一篇:Linux 内核发布 3.5 RC3 版本
下一篇:Zabbix 2.0.1 正式版发布

分享到: 收藏
评论排行