add dl() limit patch

author Stanislav Malyshev <stas@php.net>

Tue, 18 Sep 2007 20:25:07 +0000 (20:25 +0000)

committer Stanislav Malyshev <stas@php.net>

Tue, 18 Sep 2007 20:25:07 +0000 (20:25 +0000)
author Stanislav Malyshev <stas@php.net>
Tue, 18 Sep 2007 20:25:07 +0000 (20:25 +0000)
committer Stanislav Malyshev <stas@php.net>
Tue, 18 Sep 2007 20:25:07 +0000 (20:25 +0000)
diff --git a/NEWS b/NEWS

index 7a2c79156d6fbc189fe838a381f7cd119808bc06..1e722dc28783e4c17a1551d060c8cc3a09f0fe5d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,8 @@ PHP                                                                        NEWS
    (Stas)
  - Fixed PDO crash when driver returns empty LOB stream. (Stas)
  - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)
+- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  (Christian Hoffmann)
  - Fixed missing brackets leading to build warning and error in the log.
    Win32 code). (Andrey)
  - Fixed leaks with multiple connects on one mysqli object. (Andrey)
author	Stanislav Malyshev <stas@php.net>
	Tue, 18 Sep 2007 20:25:07 +0000 (20:25 +0000)
committer	Stanislav Malyshev <stas@php.net>
	Tue, 18 Sep 2007 20:25:07 +0000 (20:25 +0000)