From 08d3f07ced1eda388a2551196eef0d9de9a76ff0 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Tue, 18 Sep 2007 20:25:07 +0000
Subject: [PATCH] add dl() limit patch

---
 NEWS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/NEWS b/NEWS
index 7a2c79156d..1e722dc287 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,8 @@ PHP                                                                        NEWS
   (Stas)
 - Fixed PDO crash when driver returns empty LOB stream. (Stas)
 - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)
+- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  (Christian Hoffmann)
 - Fixed missing brackets leading to build warning and error in the log.
   Win32 code). (Andrey)
 - Fixed leaks with multiple connects on one mysqli object. (Andrey)
-- 
2.50.1