Diffstat (limited to 'debian')
-rw-r--r-- debian/changelog 15
1 files changed, 15 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index d1ab22798..86a34d2ac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+php5 (5.3.6-13) unstable; urgency=low
+
+ * Fix CVE-2011-2483: 8-bit character mishandling allows different
+ password pairs to produce the same hash (Closes: #631347)
+ * Add support for $2x$ identifier as blowfish variant in crypt.c to
+ allow backward compatibility with old invalid hashes
+ * Return fail string (*0) on invalid Blowfish salt rounds
+ * Add NEWS item about incompatible blowfish hashes
+ * Fix CVE-2011-1938: Stack-based buffer overflow in the socket_connect
+ function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might
+ allow context-dependent attackers to execute arbitrary code via a
+ long pathname for a UNIX socket.
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 04 Jul 2011 12:41:07 +0200
+
php5 (5.3.6-12) unstable; urgency=low
* Bump standards version to 3.9.2
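Review bot: The header line "php5 (5.3.6-13) unstable; urgency=low" keeps low urgency on an upload whose entries fix two CVEs, one of them described as a stack-based buffer overflow that might allow arbitrary code execution; a higher urgency would be the usual choice for a security upload. The CVE-2011-1938 entry also has no "Closes:" reference, unlike the CVE-2011-2483 entry, so add the bug number if one was filed. The three Blowfish follow-up entries ($2x$ support, the *0 fail string, the NEWS item) read as separate changes; indenting them under the CVE-2011-2483 entry, or saying in each that it belongs to that fix, would make clear to administrators that existing 8-bit password hashes are affected by this upload.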