Hello, PHP development team would like to announce the immediate availability of PHP 5.1.5 and PHP 4.4.4. The two releases address a series of security problems discovered since PHP 5.1.4 and 4.4.3, respectively. These include the following: - Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems. - Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache. - Fixed overflow in GD extension on invalid GIF images. - Fixed a buffer overflow inside sscanf() function. - Fixed an out of bounds read inside stripos() function. - Fixed memory_limit restriction on 64 bit system. In addition to the security fixes, both releases include a small number of non-security related bug fixes. The outlined issues can only be exploited locally, however, we still recommend that all users upgrade to either one of the new releases as soon as possible. Ilia Alshanetsky and Derick Rethans -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php