-rw-r--r-- | debian/changelog | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 0e8a63a15..3798a8f9c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,20 @@ +php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low + + * Fix regression when the salt is empty (Closes: #623220) + * Fix CVE-2011-2483: 8-bit character mishandling allows different + password pairs to produce the same hash (Closes: #631347) + * Add support for $2x$ identifier as blowfish variant in crypt.c to + allow backward compatibility with old invalid hashes + * Fix CVE-2011-1938: Stack-based buffer overflow in the socket_connect + function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might + allow context-dependent attackers to execute arbitrary code via a + long pathname for a UNIX socket. + * Fix regression in crypt() blowfish algorithm which would fallback + to DES if invalid blowfish salt rounds is given. Now it returns + the fail string (*0) to match with upstream. + + -- Ondřej Surý <ondrej@debian.org> Mon, 04 Jul 2011 10:30:25 +0200 + php5 (5.3.3-7+squeeze3) squeeze-security; urgency=low * Fix CVE-2011-2202: File path injection vulnerability in RFC1867 File upload filename |
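Review bot: The header of the new 5.3.3-7+squeeze4 entry sets urgency=low, yet the same entry fixes CVE-2011-1938, which it describes as a stack-based buffer overflow that might allow arbitrary code execution; consider raising the urgency or noting why low is appropriate for this upload. The CVE-2011-1938 item and the two crypt() blowfish items (the $2x$ identifier, and returning *0 instead of falling back to DES) carry no Closes: reference, unlike the first two items, so add the bug numbers if reports exist. The $2x$ item speaks of "old invalid hashes" without saying which ones; if these are the hashes affected by the 8-bit mishandling in the CVE-2011-2483 item, say so, since that tells administrators when the identifier applies. In the last item, "would fallback to DES if invalid blowfish salt rounds is given" reads better as "would fall back to DES if invalid blowfish salt rounds are given", and because returning *0 changes what callers of crypt() see, it is worth stating that the return value changes for existing callers.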