<br><font size=2 face="sans-serif">I will be upgrading to PHP v5.2.8 this
afternoon.</font>
<br>
<br><font size=2 face="sans-serif">This upgrade addresses security concerns
from 5.2.6.</font>
<br>
<br><font size=2 face="sans-serif">The following is a list of changes:</font>
<br>
<br><font size=3><b>Security Enhancements and Fixes in PHP 5.2.8:</b> </font>
<ul>
<li><font size=3>Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)</font>
<li><font size=3>Fixed missing initialization of BG(page_uid) and BG(page_gid),
reported by Maksymilian Arciemowicz.</font>
<li><font size=3>Fixed incorrect php_value order for Apache configuration,
reported by Maksymilian Arciemowicz.</font>
<li><font size=3>Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).</font>
<li><font size=3>Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).</font>
<li><font size=3>Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.</font>
<li><font size=3>Fixed bug #45151 (Crash with URI/file..php (filename contains
2 dots)). (Fixes CVE-2008-3660)</font>
<li><font size=3>Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy
routine buffer overflow). (Fixes CVE-2008-2829)</font></ul><font size=3><b>Key
enhancements in PHP 5.2.8 include:</b> </font>
<ul>
<li><font size=3>Fixed several memory leaks inside the readline and sqlite
extensions</font>
<li><font size=3>A number of corrections relating to date parsing inside
the date extension</font>
<li><font size=3>Fixed bugs relating to data retrieval in the PDO extension</font>
<li><font size=3>A series of crashes in various areas of code were resolved</font>
<li><font size=3>Several corrections were made to the strip_tags() function
in terms of &lt; and &lt;?XML handling</font>
<li><font size=3>A number of bugs were fixed in extract() function when
EXTR_REFS flag is being used</font>
<li><font size=3>Added the ability to log PHP errors to the SAPI (Ex. Apache
log) logging facility</font>
<li><font size=3>Over 170 bug fixes.<br>
</font></ul><font size=2 face="sans-serif">----------------<br>
Thanks,<br>
<br>
Chris Bidwell, RHCT<br>
Red Hat Linux Administrator<br>
Geologic Hazards Team<br>
US Geological Survey<br>
email: cbidwell@usgs.gov<br>
work: 303-273-8642<br>
mobile: 303-435-6362<br>
</font>