On April 26th 2012, the PHP Group released PHP 5.3.11, which brings over 60 bug fixes, some of which are security related:
Security Enhancements and Fixes in PHP 5.3.11:
- Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
- Add open_basedir checks to readline_write_history and readline_read_history.
- Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
Key enhancements in PHP 5.3.11 include:
- Added debug info handler to DOM objects.
- Fixed bug #61172 (Add Apache 2.4 support).
Packages of PHP 5.3.11 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.
As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.
17 replies on “PHP 5.3.11”
Please, build package of PHP 5.4.1.
Thank you very much for your work. It’s very important work for a lot of people.
Thank you very much!
I’m also waiting for PHP 5.4 🙂
It looks like the php5-fpm is somewhat not working [at all]. Failing to start after this update.
@Tomas : no problem here on dotdeb.org. Be sure to review your configuration files and please check your log files to know the cause of your problem.
@Tomas php-fpm works fine with 5.4 package from dotdeb.
and with 5.3 too 🙂
@Guillaume @Eugene
Sorry, I didn’t see your comments until now. Thank you for a quick response.
That’s the point – no change has been done, except for updating the packages, and no logs are there, when trying to start php5-fpm… :-\
After hours of trying to find the issue, it crossed my mind to remove APC (pecl uninstall APC), and everything started working again.
So, it looks like there is an incompatibility between the latest PHP 5.3.11 and the latest APC. Beware!
APC needed to be rebuilt after the above hassle, but it is working fine now.
I am getting the following error
The following packages have unmet dependencies:
php5-intl : Depends: libicu44 (>= 4.4.1-1) but it is not installable
When installing php-intl from your repository
Please note the operating system is Ubuntu 12.04 64-bit edition. I have set Dotdeb in the repository.
@gavin : as said before, Dotdeb is made for Debian, not for Ubuntu. Such dependency problems can occur, especially with the latest 12.04 release.
My advice : stick to the PHP 5.3.10 Ubuntu packages. Remove Dotdeb from your sources.list.
5.3.11 security update is out for CGI -> IMPORTANT. You can get the source of a website, like config and passwords.
@x-f : The new PHP versions as well as the official php patch contain a bug which makes the fix trivial to bypass.
Source : http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
THX for info.
Hi,
When will a newer version of php5-apc (3.1.10) be available?
Alex
@Alex B : APC 3.1.9 is displayed in phpinfo() but in fact it’s 3.1.10 (version number hasn’t been raised in the source code)