php

php 5.2.14

PHP5 is an HTML-embedded scripting language. The goal of the language is to allow web developers to write dynamically generated pages quickly.

http://www.php.net

Packager: Gökhan Özbulak

License: PHP

Binary packages

php-common
php-cli
mod_php

Release history

Release | Release date | Version | Updater | Comment
94 | 2011-06-14 | 5.2.14 | Gökhan Özbulak | Fix file path injection occurring when uploading a file with path including '/' at the very beginning (pb#18383)
93 | 2011-05-27 | 5.2.14 | Gökhan Özbulak | Fix stack buffer overflow in socket_connect caused by passing a too long address (pb#18212)
92 | 2011-04-13 | 5.2.14 | Gökhan Özbulak | Fix use_after_free vulnerability in substr_replace function
91 | 2011-04-04 | 5.2.14 | Gökhan Özbulak | Guard the usage of randomly initialized local variables in mt_rand function
90 | 2011-03-24 | 5.2.14 | Gökhan Özbulak | Fix buffer overflow in strval function
89 | 2011-03-23 | 5.2.14 | Gökhan Özbulak | Fix integer overflow in SdnToJulian function
88 | 2011-03-14 | 5.2.14 | Gökhan Özbulak | Fix integer overflow in shmop_read function
87 | 2011-02-16 | 5.2.14 | Gökhan Özbulak | Fix the security vulnerability
  - CVE-2011-0753 : denial of service caused by a race condition occurring in pcntl extension
86 | 2011-02-08 | 5.2.14 | Gökhan Özbulak | Fix the security vulnerability
  - CVE-2011-0755 : integer overflow in mt_rand function
85 | 2011-02-04 | 5.2.14 | Gökhan Özbulak | Fix the security vulnerability
  - CVE-2011-0752 : no overwrite $GLOBALS and $this when using EXTR_OVERWRITE in extract function
84 | 2011-01-28 | 5.2.14 | Gökhan Özbulak | Fix the security vulnerability
  - CVE-2010-4697 : use-after-free in zend engine
83 | 2011-01-27 | 5.2.14 | Gökhan Özbulak | Fix the security vulnerability
  - CVE-2010-4698 : stack buffer overflow in imagepstext
82 | 2011-01-15 | 5.2.14 | Gökhan Özbulak | Fix the security vulnerability
  - CVE-2010-3709 : denial of service in getArchiveComment
81 | 2010-12-22 | 5.2.14 | Gökhan Özbulak | Fix multiple security vulnerabilities
  - CVE-2010-4150 : double free in imap extension
  - CVE-2010-3710 : denial of service in filter_var()
80 | 2010-10-31 | 5.2.14 | Erdem Bayer | Split cli and apache config file locations
79 | 2010-08-03 | 5.2.14 | Eren Türkay | - Version bump to fix multiple vulnerabilities. (#13890)
78 | 2010-05-07 | 5.2.13 | Eren Türkay | - Add patch to fix unsafe unserialize() remote code execution (CVE-2010-2225, #13644)
  - Enable OpenSSL support
  - Add autoconf-2.65 patch to fix configure error when using diversion
77 | 2010-05-03 | 5.2.13 | Ahmet AYGÜN | Added PDO support for mysql and pgsql.
76 | 2010-03-02 | 5.2.13 | Eren Türkay | * Version bump to fix 3 security vulnerabilities (#12363)
  - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen)
  - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
  - Improved LCG entropy. (Rasmus, Samy Kamkar)
75 | 2009-12-21 | 5.2.12 | Eren Türkay | Version bump to fix 2 security vulnerabilities. (#11742)
  - Protection for $_SESSION from interrupt corruption and improved "session.save_path" check (CVE-2009-4143)
  - Insufficient input string validation of htmlspecialchars() (CVE-2009-4142)
74 | 2009-11-22 | 5.2.11 | Eren Türkay | Fix 3 important security vulnerabilities:
  - It's possible to cause DOS with requests containing 160.000+ file uploads, limit max_uploads to 20. (#11580)
  - Safe_mode bypass in tempnam() (CVE-2009-3557)
  - Open_basedir bypass in posix_mkfifo() (CVE-2009-2558)
73 | 2009-10-21 | 5.2.11 | Eren Türkay | Add patch to fix buffer overflow in _gdGetColors function, CVE-2009-3546
72 | 2009-09-23 | 5.2.11 | Taner Taş | Bugfix and security release for multiple vulnerabilities (CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, Bug#11209)
71 | 2009-09-04 | 5.2.10 | Taner Taş | Update suhosin patch (Bug#10303)
70 | 2009-06-29 | 5.2.10 | Pınar Yanardağ | Update go-pear to 1.119.
69 | 2009-06-22 | 5.2.10 | Pınar Yanardağ | Version bump to fix Denial of Service in exif_read_data() (#10062).
68 | 2009-03-01 | 5.2.9 | Pınar Yanardağ | Version bump to fix multiple Denial of Service vulnerabilities (bug#9306).
67 | 2008-12-12 | 5.2.8 | Pınar Yanardağ | Version bump to fix multiple vulnerabilities.
66 | 2008-12-05 | 5.2.7 | Pınar Yanardağ | Version bump to fix multiple vulnerabilities (bug#8784)
65 | 2008-08-11 | 5.2.6 | Pınar Yanardağ | Security fixes for imageloadfont() and memnstr() which might allow for arbitrary code execution.
64 | 2008-07-12 | 5.2.6 | Gökmen Görgen | Enable mcrypt support.
63 | 2008-07-09 | 5.2.6 | Eren Türkay | Enable cgi/fastcgi support.
62 | 2008-05-24 | 5.2.6 | Eren Türkay | Edit libxml2 dependency. PHP should depend on the latest one.
61 | 2008-05-05 | 5.2.6 | Eren Türkay | Version bump and enable ctypes module. This release includes 5 security fixes: http://www.php.net/ChangeLog-5.php
60 | 2008-03-21 | 5.2.5 | Gökçen Eraslan | Fix for printf() integer overflow
59 | 2008-02-20 | 5.2.5 | Bahadır Kandemir | Add go-pear application.
58 | 2007-12-23 | 5.2.5 | İsmail Dönmez | Update to Suhosin 0.9.22
57 | 2007-11-11 | 5.2.5 | İsmail Dönmez | Stable update
56 | 2007-11-05 | 5.2.4 | İsmail Dönmez | Fix PHP bug #43121
55 | 2007-08-31 | 5.2.4 | İsmail Dönmez | Stable update to fix multiple vulnerabilities
54 | 2007-07-10 | 5.2.3 | İsmail Dönmez | Add proper fix for MOPB-29-2007
53 | 2007-06-09 | 5.2.3 | İsmail Dönmez | Fix multiple holes
52 | 2007-06-03 | 5.2.3 | İsmail Dönmez | Fix CVE-2007-2872
51 | 2007-06-01 | 5.2.3 | İsmail Dönmez | Stable update
50 | 2007-05-30 | 5.2.2 | İsmail Dönmez | Fix integer overflow in chunk_split()
49 | 2007-05-27 | 5.2.2 | İsmail Dönmez | Fix open_basedir/safe_mode bypass inside realpath()
48 | 2007-05-22 | 5.2.2 | İsmail Dönmez | Fix CVE-2007-2756
47 | 2007-05-20 | 5.2.2 | İsmail Dönmez | Update suhosin extension
46 | 2007-05-10 | 5.2.2 | İsmail Dönmez | Fix security weakness in SOAP extension
45 | 2007-05-05 | 5.2.2 | İsmail Dönmez | Fix MOPB-2007-45
44 | 2007-05-04 | 5.2.2 | İsmail Dönmez | Stable update
43 | 2007-04-01 | 5.2.1 | Ahmet AYGÜN | Dependency fix.
42 | 2007-03-30 | 5.2.1 | İsmail Dönmez | Fix MOPB-34-2007
41 | 2007-03-27 | 5.2.1 | İsmail Dönmez | Fix MOPB-33-2007
40 | 2007-03-23 | 5.2.1 | İsmail Dönmez | Fix http://www.securityfocus.com/archive/1/463596
39 | 2007-03-23 | 5.2.1 | İsmail Dönmez | Fix MOPB-29-2007
38 | 2007-03-18 | 5.2.1 | İsmail Dönmez | Fix MOPB-26-2007
37 | 2007-03-16 | 5.2.1 | İsmail Dönmez | Fix MOPB-24-2007
36 | 2007-03-15 | 5.2.1 | İsmail Dönmez | Fix MOPB-22-2007
35 | 2007-03-14 | 5.2.1 | İsmail Dönmez | Fix MOPB-20-2007 and MOPB-21-2007
34 | 2007-03-10 | 5.2.1 | İsmail Dönmez | Fix CVE-2007-1001 and improve last two patches
33 | 2007-03-09 | 5.2.1 | İsmail Dönmez | Fix http://www.wisec.it/vulns.php?id=10
32 | 2007-03-07 | 5.2.1 | İsmail Dönmez | Fix MOPB-14-2007
31 | 2007-03-06 | 5.2.1 | İsmail Dönmez | Provide php-cli package again
30 | 2007-03-05 | 5.2.1 | İsmail Dönmez | Put suhosin inside as an extension
29 | 2007-03-05 | 5.2.1 | İsmail Dönmez | Use suhosin as an extension
28 | 2007-02-13 | 5.2.1 | İsmail Dönmez | Fix http://marc.theaimsgroup.com/?l=php-dev&m=117104930526516&w=2
27 | 2007-02-10 | 5.2.1 | Eren Türkay | Add postgresql-lib dependency
26 | 2007-02-09 | 5.2.1 | İsmail Dönmez | Stable update to fix multiple vulnerabilities
25 | 2007-02-07 | 5.2.0 | İsmail Dönmez | Fix CVE-2007-0455
24 | 2007-01-20 | 5.2.0 | Bahadır Kandemir | PostgreSQL support
23 | 2006-12-20 | 5.2.0 | İsmail Dönmez | Fix session.save_path open_basedir bypass
22 | 2006-11-20 | 5.2.0 | Bahadır Kandemir | Fixed PEAR path and dependencies, removed XPM support.
21 | 2006-11-04 | 5.2.0 | Bahadır Kandemir | Fixed extension path
20 | 2006-11-04 | 5.2.0 | Bahadır Kandemir | Fixed php.ini path
19 | 2006-11-04 | 5.2.0 | Bahadır Kandemir | New release
18 | 2006-11-02 | 5.1.6 | İsmail Dönmez | Fix CVE-2006-5465
17 | 2006-10-10 | 5.1.6 | Bahadır Kandemir | Suhosin Patch
16 | 2006-10-09 | 5.1.6 | Ahmet AYGÜN | fix mail() function
15 | 2006-10-09 | 5.1.6 | İsmail Dönmez | Fix CVE-2006-4625
14 | 2006-10-04 | 5.1.6 | İsmail Dönmez | Prevent possible overflow in _ecalloc (CVE-2006-4812)
13 | 2006-09-26 | 5.1.6 | Ahmet AYGÜN | Add ldap support, #3611.
12 | 2006-08-26 | 5.1.6 | Ahmet AYGÜN | Version bump.
11 | 2006-08-23 | 5.1.5 | Ahmet AYGÜN | Version bump.
10 | 2006-08-07 | 5.1.4 | Bahadır Kandemir | Fix for sscanf arbitrary code execution vulnerability.
9 | 2006-07-10 | 5.1.4 | Bahadır Kandemir | Fixed wrong dep.
8 | 2006-06-13 | 5.1.4 | İsmail Dönmez | Fix CVE-2006-2660
7 | 2006-05-27 | 5.1.4 | İsmail Dönmez | Fix CVE-2006-2563
6 | 2006-05-06 | 5.1.4 | İsmail Dönmez | Bugfix update
5 | 2006-05-04 | 5.1.3 | İsmail Dönmez | Bugfix update
4 | 2006-04-18 | 5.1.2 | İsmail Dönmez | Fix CVE-2006-0996,CVE-2006-1017,CVE-2006-1494 and CVE-2006-1608
3 | 2006-04-09 | 5.1.2 | Bahadır Kandemir | Fixed to install missing php.ini
2 | 2006-03-25 | 5.1.2 | Ahmet AYGÜN | comar script added.
1 | 2006-01-09 | 5.1.2 | Ahmet AYGÜN | First release.

Patches

file_path_injection_in_rfc1867.patch
stack_buffer_overflow_in_socket_connect.patch
use_after_free_in_substr_replace.patch
buffer_overflow_in_strval.patch
int_overflow_in_SdnToJulian.patch
int_overflow_in_shmop_read.patch
denial_of_service_in_pcntl_ext.patch
int_overflow_in_mt_rand.patch
use_of_uninitialized_vars_in_mt_rand.patch
no_overwrite_for_GLOBALS_and_this_in_extract.patch
use_after_free_in_zend.patch
stack_buffer_overflow_in_imagepstext.patch
denial_of_service_in_getArchiveComment.patch
denial_of_service_in_filter_var.patch
double_free_in_imap.patch
php5-imap-symlink.diff
php5.2.0-mysqli-readmycnf.patch
php5.2.0-mysql-readmycnf.patch
use-devurandom.patch
suhosin-patch-5.2.14-0.9.7.patch.gz
system-timezone.patch
autoconf-2.65.patch