From cdab7af12d49aa22afa13097a818f9e2ca5f75ad Mon Sep 17 00:00:00 2001 From: adrianp Date: Thu, 10 Aug 2006 23:01:39 +0000 Subject: Update to 4.4.3 All PHP 4.x users are encouraged to upgrade to this release as soon as possible. The security issues resolved include the following: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Improved safe_mode check for the error_log() function. * Fixed cross-site scripting inside the phpinfo() function. The release also includes about 20 bug fixes and an upgraded PCRE library (version 6.6). For a full list of changes in PHP 4.4.3, see the ChangeLog: http://www.php.net/ChangeLog-4.php#4.4.3 This also contains a fix for CVE-2006-4020 (SA21403) --- www/php4/files/pear.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'www/php4/files') diff --git a/www/php4/files/pear.sh b/www/php4/files/pear.sh index 935673a3e87..1c49ab1df01 100644 --- a/www/php4/files/pear.sh +++ b/www/php4/files/pear.sh @@ -25,4 +25,4 @@ else fi fi -exec $PHP -C -q $INCARG -d output_buffering=1 -dmemory_limit=12M $INCDIR/pearcmd.php "$@" +exec $PHP -C -q $INCARG -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit=12M $INCDIR/pearcmd.php "$@" -- cgit v1.2.3