SecurityvulnsSECURITYVULNS:DOC:10368PHP Version 5.1.0 Update Fixes Several Vulnerabilities
Details available at
http://www.php.net/ChangeLog-5.php#5.1.0
from 24th Nov, 2005.
Some security-related issues from vendor's change log:
Fixed crash inside stream_get_line() when length parameter equals 0.
Fixed potential GLOBALS overwrite via import_request_variables() and
possible crash and/or memory corruption.
shtool: insecure temporary file creation (Jani)
http://bugs.php.net/33150
crash on PDO::FETCH_CLASS + __set()
http://bugs.php.net/35336
PDO prepare() crashes with invalid parameters
http://bugs.php.net/35303
http://bugs.php.net/35278
Multiple virtual() calls crash Apache 2 php module
http://bugs.php.net/35229
call_user_func() crashes when argument_stack is nearly full
http://bugs.php.net/35135
PDOStatment without related PDO object may crash
http://bugs.php.net/35009
ZTS: Persistent resource destruct crashes when extension is compiled as shared
http://bugs.php.net/34045
Buffer overflow with serialized object
etc.
Regards,
Juha-Matti Laurio