FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- multiple vulnerabilities

Affected packages
	php53	<	5.3.11
	php5	<	5.3.11

Details

VuXML ID	2cde1892-913e-11e1-b44c-001fd0af1a4c
Discovery	2012-03-01
Entry	2012-04-28
Modified	2012-05-04

php development team reports:

Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:

Insufficient validating of upload name leading to corrupted $_FILES indices. (CVE-2012-1172)

Add open_basedir checks to readline_write_history and readline_read_history.

Security Enhancements for both PHP 5.3.11 only:

Regression in magic_quotes_gpc fix for CVE-2012-0831.

[source]

References

CVE Name	CVE-2012-0831
CVE Name	CVE-2012-1172
URL	http://www.php.net/archive/2012.php#id2012-04-26-1