On Wed, Jan 11, 2012 at 1:58 PM, Thomas Gries mail@tgries.de wrote:
On 11.01.2012 19:42, Chad wrote:
A new PHP version 5.3.9 has been released, see http://www.php.net/archive/2012.php#id2012-01-11-1
The page says "All users are strongly encouraged to upgrade to PHP 5.3.9."
They said almost the same thing for 5.3.1 too[0], and look how well that turned out ;-)
Security Enhancements and Fixes in PHP 5.3.9:
- Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
- Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Which can be easily backported