From: Pierre Joye <pajoye@php.net>
Date: Tue, 28 Sep 2010 13:30:30 +0000 (+0000)
Subject: - Fixed possible flaw in open_basedir (CVE-2010-3436)
X-Git-Tag: php-5.3.4RC1~194
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6bae8fbd9cb6f7a0ee20f9e92ca40d909b72b251;p=php

- Fixed possible flaw in open_basedir (CVE-2010-3436)
---

diff --git a/NEWS b/NEWS
index 6d8d00e2b2..c74002110b 100644
--- a/NEWS
+++ b/NEWS
@@ -13,8 +13,9 @@
 - Implemented symbolic links support for open_basedir checks. (Pierre)
 - Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
 
-- Fixed symbolic resolution support when the target is a DFS share. (Pierre)
+- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
 - Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
+- Fixed symbolic resolution support when the target is a DFS share. (Pierre)
 - Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. 
   (Kalle)
 - Changed the $context parameter on copy() to actually have an effect. (Kalle)