K 10
svn:author
V 3
flo
K 8
svn:date
V 27
2012-11-26T21:23:25.166655Z
K 7
svn:log
V 941
MFH r307747

- Update backports patch to 20121114
- Bump PORTREVISION

Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function

Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len

- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.

- Timezone database updated to version 2012.9 (2012i)

Approved by:	portmgr (beat)
Feature safe:	yes

END