[BLFS Trac] #3203: PHP-5.3.4 (was: PHP-5.3.3)

BLFS Trac trac at linuxfromscratch.org
Mon Jan 3 09:07:34 PST 2011

#3203: PHP-5.3.4
 Reporter:  randy@…                     |       Owner:  blfs-book@…                   
     Type:  task                        |      Status:  new                           
 Priority:  high                        |   Milestone:  6.7                           
Component:  BOOK                        |     Version:  SVN                           
 Severity:  major                       |    Keywords:                                
Changes (by randy@…):

  * owner:  randy@… => blfs-book@…
  * status:  assigned => new

Old description:

> Version increment to 5.3.3
> http://us2.php.net/
> Quoted from the above URL:
> "The PHP development team would like to announce the immediate
> availability of PHP 5.3.3. This release focuses on improving the
> stability and security of the PHP 5.3.x branch with over 100 bug fixes,
> some of which are security related. All users are encouraged to upgrade
> to this release."

New description:

 Version increment to 5.3.4


 Quoted from the above URL:
 Security Enhancements and Fixes in PHP 5.3.4:

     * Fixed crash in zip extract method (possible CWE-170).
     * Paths with NULL in them (foo\0bar.txt) are now considered as invalid
     * Fixed a possible double free in imap extension (Identified by
 Mateusz Kocielski). (CVE-2010-4150).
     * Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
     * Fixed possible flaw in open_basedir (CVE-2010-3436).
     * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
     * Fixed symbolic resolution support when the target is a DFS share.
     * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
 with large amount of data) (CVE-2010-3710).



 Updated BLFS to PHP-5.3.3. Since my installation, 5.3.4 has been released.
 Both versions require additional dependencies (not listed in the 5.3.3
 update as it will be short-lived).

 several non-free web-servers (probably not worth mentioning)
 the "lemon" parser in the "tools" subdir of the SQLite tarball

Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3203#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch

More information about the blfs-book mailing list