Update 5.2.2

* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
  (MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
  (MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
  (MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
  (MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
  (by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
  library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function
  (MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak
  (MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request()
  (by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
  (by Ilia Alshanetsky)

1 files changed, 1 insertions, 2 deletions

diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index dae6b65fe78..d7925821c54 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.50 2007/05/05 21:45:12 adrianp Exp $
+# $NetBSD: Makefile,v 1.51 2007/05/06 20:07:28 adrianp Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		3
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/