Thursday, May 10, 2012

Security Update: php

Pat has released an updated version of PHP-5.3.13 which brings the complete fix for CVE-2012-2311 which was only delivered partially in previous release, thus Pat waited for the permanent solution just few days after the previous release was announced.

Even though PHP-5.3 is still marked as stable, i personally would like to have next Slackware to have PHP-5.4 because it will have longer support and this version has more strict rules than before because it removes some legacy features such as magic quotes, Safe mode, register globals. In overall, this improves PHP security, but it will requires developers to adjust their scripts properly to be compatible with PHP-5.4. There's always a trade-offs between security and comfort.

He also rebuilt wicd to provide upstream patch to fix a bug that disallows users accepting a passphrase for a new password protected access point.