PHP 5.2.7 Released
December 08, 2008 by Paul Smedley
++ From the VOICE OS/2-eCS News Service http://www.os2voice.org ++
From: Paul Smedley
I've compiled an OS/2 binary of PHP 5.2.7 - it's available now from my site
-------- Original Message --------
Subject: [ANNOUNCE] PHP 5.2.7 Released
Date: Thu, 4 Dec 2008 23:32:14 -0500
From: Ilia Alshanetsky
The PHP development team would like to announce the immediate
availability of PHP 5.2.7. This release focuses on improving the
stability of the PHP 5.2.x branch with over 170 bug fixes, several of
which are security related. All users of PHP are encouraged to upgrade
to this release.
Security Enhancements and Fixes in PHP 5.2.7:
* Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
* Fixed missing initialization of BG(page_uid) and BG(page_gid),
reported by Maksymilian Arciemowicz.
* Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
* Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
* Fixed incorrect php_value order for Apache configuration, reported
by Maksymilian Arciemowicz.
* Fixed safe_mode related security issues detailed in CVE-2008-2665
* Crash with URI/file..php (filename contains 2 dots) (Fixes
* IMAP toolkit crash: rfc822.c legacy routine buffer overflow. (Fixes
Some of the key enhancements in PHP 5.2.7 include:
* Fixed several memory leaks inside the readline and sqlite extensions
* A number of corrections relating to date parsing inside the date
* Fixed bugs relating to data retrieval in the PDO extension
* A series of crashes in various areas of code were resolved
* Several corrections were made to the strip_tags() function in terms
of http://www.php.net/migration52), detailing the changes
between those releases and PHP 5.2.7. For a full list of changes in
PHP 5.2.7, see the ChangeLog (http://www.php.net/ChangeLog-5.php#5.2.7).
5.2 Release Master