summaryrefslogtreecommitdiff
path: root/archivers
diff options
context:
space:
mode:
authorjlam <jlam@pkgsrc.org>2002-02-28 06:14:45 +0000
committerjlam <jlam@pkgsrc.org>2002-02-28 06:14:45 +0000
commit1cc929effe0b6922cc847d332aacc7f99609cd56 (patch)
treeaee1220fa95820b9fb781532bab52932f2b0c1a9 /archivers
parentaa484b2c1e6f071d90c8790c93f20d0f697a20ba (diff)
downloadpkgsrc-1cc929effe0b6922cc847d332aacc7f99609cd56.tar.gz
Update php4 and ap-php4 to 4.1.2. Changes from version 4.1.1 include:
- Fixed start up failure when mm save handler is used and there is multiple SAPIs are working at the same time. (Yasuo) - Fixed a buffer overflow in the RFC-1867 file upload code (Stefan) <===> SECURITY NOTE <===> Note that the buffer overflow fix is a major security fix. Quoting from the security advisory at: http://security.e-matters.de/advisories/012002.html "PHP supports multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Unfourtunately there are several flaws in the php_mime_split function that could be used by an attacker to execute arbitrary code. During our research we found out that not only PHP4 but also older versions from the PHP3 tree are vulnerable. [...] "If you are running PHP 4.0.3 or above one way to workaround these bugs is to disable the fileupload support within your php.ini (file_uploads = Off). If you are running php as module keep in mind to restart the webserver. Anyway you should better install the fixed or a properly patched version to be safe."
Diffstat (limited to 'archivers')
0 files changed, 0 insertions, 0 deletions