These are the security fixes as shown in the current changelog at: http://www.php.net/ChangeLog-5.php
I chased down the CVS commit log messages against 5_2 for each of these. Most of the fixes look relatively compact, with the exception of the last, which is comparatively huge.

Version 5.2.6
01-May-2008

* Security Fixes
  * Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
    * http://marc.info/?l=php-cvs&m=120721829703242&w=2
  * Properly address incomplete multibyte chars inside escapeshellcmd() (Ilia, Stefan Esser)
    * http://marc.info/?l=php-cvs&m=120579496007399&w=2
  * Fixed security issue detailed in CVE-2008-0599. (Rasmus)
    * http://marc.info/?l=php-cvs&m=120415902925033&w=2
  * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (Ilia)
    * http://marc.info/?l=php-cvs&m=119963956428826&w=2
  * Upgraded PCRE to version 7.6 (Nuno)
    * http://marc.info/?l=php-cvs&m=120163838831816&w=2
    * Note, this is a very LARGE patch

:-Dustin

--
PHP 5.2.6 fixes important security bugs
https://bugs.launchpad.net/bugs/227464