1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-27 00:57:50 +00:00
freebsd-ports/lang/php52
Florian Smeets abbf32d4b2 - Update backports patch to 20121114
- Bump PORTREVISION

Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function

Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len

- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.

- Timezone database updated to version 2012.9 (2012i)

PR:		ports/173685
Submitted by:	Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
Approved by:	maintainer
Feature safe:	yes
2012-11-25 15:42:22 +00:00
..
files
distinfo - Update backports patch to 20121114 2012-11-25 15:42:22 +00:00
Makefile - Update backports patch to 20121114 2012-11-25 15:42:22 +00:00
Makefile.ext
pkg-descr
pkg-message.mod
pkg-plist