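A new version of the compiler for PHP, an important web programming language, has been released: PHP 5.2.8. It is an emergency fix release following PHP 5.2.7, which came out a few days earlier, and was prompted by a serious security bug that occurs when magic_quotes_gpc is enabled. The PHP project urgently withdrew 5.2.7 at the time, and the corrected PHP 5.2.8 was released a few days later. PHP 5.3, the next major branch of PHP 5, has also recently reached Alpha 3.
Looking at the PHP 5.2.7 update, it fixes about 170 bugs and also improves execution performance. PHP 5.2.8, for its part, fixes the following problem in 5.2.7: Reverted bug fix Fixed bug #42718 that broke magic_quotes_gpc (Scott).
The key items in the PHP 5.2.8/5.2.7 update are as follows: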
* Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
* Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
* Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
* Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
* Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
* Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
* Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)). (Fixes CVE-2008-3660)
* Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
The key bugs fixed in PHP 5.2.8/5.2.7 are as follows:
* Fixed several memory leaks inside the readline and sqlite extensions
* A number of corrections relating to date parsing inside the date extension
* Fixed bugs relating to data retrieval in the PDO extension
* A series of crashes in various areas of code were resolved
* Several corrections were made to the strip_tags() function in terms of < and <?XML handling
* A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
* Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility