php 5 version 5.4.4 发布+11楼 mysql、windows远程连接严重漏洞
http://www.php.net/changelog-5.php
06-june-2012
des算法crypt实现中的一个漏洞
phar扩展中的一个堆溢出问题
cli sapi
implemented fr #61977 (need cli web-server support for files with .htm & svg extensions)
improved performance while sending error page, this also fixed bug fixed bug #61785 (memory leak when access a non-exists file without router)
fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)
core
fixed missing bound check in iptcparse()
fixed cve-2012-2143
fixed bug #62097 (fix for for bug #54547)
fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
fixed bug #61978 (object recursion not detected for classes that implement jsonserializable)
fixed bug #61991 (long overflow in realpath_cache_get())
fixed bug #61922 (zts build doesn't accept zend.script_encoding config)
fixed bug #61827 (incorrect \e processing on windows)
fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls)
fixed bug #61761 ('overriding' a private static method with a different signature causes crash)
fixed bug #61730 (segfault from array_walk modifying an array passed by reference)
fixed bug #61728 (php crash when calling ob_start in request_shutdown phase)
fixed bug #61660 (bin2hex(hex2bin($data)) != $data)
fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2))
fixed bug #61605 (header_remove() does not remove all headers)
fixed bug #54547 (wrong equality of string numbers)
fixed bug #54197 ([path=] sections incompatibility with user_ini.filename set to null)
changed php://fd to be available only for cli
curl
fixed bug #61948 (curlopt_cookiefile '' raises open_basedir restriction)
com
fixed bug #62146 com_dotnet cannot be built shared
fileinfo
fixed bug #61812 (uninitialised value used in libmagic)
fpm
fixed bug #61812 (uninitialised value used in libmagic)
fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read()
iconv
fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. see https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
intl
fixed bug #62082 (memory corruption in internal function get_icu_disp_value_src_php()
json
fixed bug #61537 (json_encode() incorrectly truncates/discards information)
libxml
fixed bug #61617 (libxml tests failed(ht is already destroyed))
pdo
fixed bug #61755 (a parsing bug in the prepared statements can lead to access violations)
phar
fixed bug #61065 (secunia sa44335) (cve-2012-2386)
streams
fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)
zlib
fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression)
fixed bug #61443 (can't change zlib.output_compression on the fly)
fixed bug #60761 (zlib.output_compression fails on refresh)
------解决方案--------------------
这些漏洞没有修复？
------解决方案--------------------
推存wamp2.2
探讨
这些是已经修复的.
引用:
这些漏洞没有修复？
------解决方案--------------------
.... 完全看不懂。。
------解决方案--------------------
探讨
.... 完全看不懂。。
------解决方案--------------------