Changelog

Client

Version 3.4

released 2007-02-15

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.3

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.2

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.1

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.0

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Server

Version 3.4

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.3

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.2

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.1

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Version 3.0

BUGs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

NEW FEATUREs

Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)

Changelog

Contents

Client

Version 3.4

Version 3.3

Version 3.2

Version 3.1

Version 3.0

Server

Version 3.4

Version 3.3

Version 3.2

Version 3.1

Version 3.0

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools

In other languages