| author | Ondřej Surý <ondrej@sury.org> | 2011-07-04 12:12:44 +0200 |
|---|---|---|
| committer | Ondřej Surý <ondrej@sury.org> | 2011-07-04 12:44:52 +0200 |
| commit | 8792636b0110fe5d6a084ad8648b3a39421263bd (patch) | |
| tree | bc7091819c4b0a12b823af242810e59b5566f286 | |
| parent | 171b54ef968595699a53df1addbc58b865ef0c4c (diff) | |
| download | php-debian/5.3.6-13.tar.gz | |
prepare 5.3.6-13 release
debian/5.3.6-13
| -rw-r--r-- | debian/changelog | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index d1ab22798..86a34d2ac 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +php5 (5.3.6-13) unstable; urgency=low + + * Fix CVE-2011-2483: 8-bit character mishandling allows different + password pairs to produce the same hash (Closes: #631347) + * Add support for $2x$ identifier as blowfish variant in crypt.c to + allow backward compatibility with old invalid hashes + * Return fail string (*0) on invalid Blowfish salt rounds + * Add NEWS item about incompatible blowfish hashes + * Fix CVE-2011-1938: Stack-based buffer overflow in the socket_connect + function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might + allow context-dependent attackers to execute arbitrary code via a + long pathname for a UNIX socket. + + -- Ondřej Surý <ondrej@debian.org> Mon, 04 Jul 2011 12:41:07 +0200 + php5 (5.3.6-12) unstable; urgency=low * Bump standards version to 3.9.2 |
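Review bot: The header line of the new 5.3.6-13 entry sets urgency=low, yet the entry lists two CVE fixes, and the CVE-2011-1938 text itself says the overflow "might allow context-dependent attackers to execute arbitrary code". Consider raising the urgency (medium or high) so the security fixes are not held back by the default delay before the package migrates. Also, the CVE-2011-2483 item carries "(Closes: #631347)" while the CVE-2011-1938 item has no bug reference; if a tracking bug exists for it, add it so that report is closed on upload. Last, the $2x$ and "Return fail string (*0)" items change crypt() behaviour for existing Blowfish hashes, so it helps to say in the changelog which file the NEWS item lands in (the entry only says "Add NEWS item"), so administrators with stored hashes know where to read about the incompatibility.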
