add dl() limit patch

author: Stanislav Malyshev <stas@php.net> 2007-09-18 20:25:07 +0000
committer: Stanislav Malyshev <stas@php.net> 2007-09-18 20:25:07 +0000
commit: 08d3f07ced1eda388a2551196eef0d9de9a76ff0 (patch)
tree: 6ab22c69ab50331181e95f26b6b74f36bbebcd40
parent: 280e6464e892d03cb976f46982c9ffa2764a7769 (diff)
download: php-git-08d3f07ced1eda388a2551196eef0d9de9a76ff0.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 7a2c79156d..1e722dc287 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,8 @@ PHP                                                                        NEWS
   (Stas)
 - Fixed PDO crash when driver returns empty LOB stream. (Stas)
 - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)
+- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
+  (Christian Hoffmann)
 - Fixed missing brackets leading to build warning and error in the log.
   Win32 code). (Andrey)
 - Fixed leaks with multiple connects on one mysqli object. (Andrey)
author	Stanislav Malyshev <stas@php.net>	2007-09-18 20:25:07 +0000
committer	Stanislav Malyshev <stas@php.net>	2007-09-18 20:25:07 +0000
commit	08d3f07ced1eda388a2551196eef0d9de9a76ff0 (patch)
tree	6ab22c69ab50331181e95f26b6b74f36bbebcd40
parent	280e6464e892d03cb976f46982c9ffa2764a7769 (diff)
download	php-git-08d3f07ced1eda388a2551196eef0d9de9a76ff0.tar.gz