Security Enhancements and Fixes in PHP 5.2.2 only

Posted on May 5th, 2007 by admin

Security Enhancements and Fixes in PHP 5.2.2 only

  • Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)
  • Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
  • Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
  • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)
  • Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)

Tags: open source software //

Discussion Area - Leave a Comment




« PHP 5.2.2 and PHP 4.4.7 Released Security Enhancements and Fixes in PHP 4.4.7 only »