php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-21 23:18:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
71,016 Commits 549 Branches 1,484 Tags
51856a76f87ecb24fe1385342be43610fb6c86e4
Commit Graph

71016 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dmitry Stogov 51856a76f8 Fixed bug #69152 2015-03-19 11:36:01 +03:00
Stanislav Malyshev 4c3b73b6df 5.4.40 next 2015-03-17 22:37:16 -07:00
Stanislav Malyshev ef8fc4b53d Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary 2015-03-17 21:59:56 -07:00
Stanislav Malyshev fb04dcf6db Fix bug #69248 - heap overflow vulnerability in regcomp.c 
Merged from https://github.com/garyhouston/regex/commit/70bc2965604b6b8aaf260049e64c708dddf85334
 2015-03-17 17:04:57 -07:00
Stanislav Malyshev 8b14d3052f add test for bug #68976 2015-03-17 17:03:46 -07:00
Stanislav Malyshev 646572d6d3 Fixed bug #68976 - Use After Free Vulnerability in unserialize() 2015-03-17 13:20:22 -07:00
Stanislav Malyshev bfb669891e Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options) 2015-03-17 13:05:43 -07:00
Stanislav Malyshev 9ba4db5e5d fix tests 2015-03-17 12:55:35 -07:00
Stanislav Malyshev 1291d6bbee Fix bug #69207 - move_uploaded_file allows nulls in path 2015-03-17 12:47:58 -07:00
Dmitry Stogov c8eaca013a Added type checks 2015-03-03 10:43:48 +03:00
Dmitry Stogov 0c136a2abd Added type checks 2015-03-03 09:44:46 +03:00
Dmitry Stogov d5248f67b5 Check variable type before its usage as IS_ARRAY. 2015-03-02 12:27:36 +03:00
George Wang 8584cc010a Fixed a bug that header value is not terminated by '\0' when accessed through getenv(). 2015-02-25 10:48:19 -05:00
Ferenc Kovacs c17a17e44b fix typo in bug# 2015-02-18 19:47:07 +01:00
Remi Collet c6a26cb39d add CVE 2015-02-18 06:44:41 +01:00
Stanislav Malyshev 24f8a68d0a 5.4.39 next 2015-02-17 07:34:00 +01:00
Stanislav Malyshev bdfe457a2c Port for for bug #68552 2015-02-17 06:53:02 +01:00
Stanislav Malyshev 7b18981830 Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) 
Conflicts:
	ext/date/php_date.c
 2015-02-17 06:43:51 +01:00
Felipe Pena 82d347a477 - BFN 2015-02-17 01:14:05 -02:00
Felipe Pena 8f9ab04d93 - Fixed bug #67827 (broken detection of system crypt sha256/sha512 support) 2015-02-17 00:23:47 -02:00
Felipe Pena e08bef442c - Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at docoloc dot de 2015-02-16 13:07:26 -02:00
Yasuo Ohgaki 5b6269a253 Update NEWS 2015-02-14 05:34:57 +09:00
Yasuo Ohgaki a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
George Wang 5e3f0f5671 Fixed #68790 (Missing return) 2015-02-07 12:16:54 -05:00
Stanislav Malyshev f001c63073 Update header handling to RFC 7230 2015-02-05 20:08:12 -08:00
Stanislav Malyshev 7efbd70b03 fix sizeof size 2015-02-01 12:40:38 -08:00
Stanislav Malyshev 94d6cb4a78 fix TSRM 2015-01-31 23:34:14 -08:00
Stanislav Malyshev b30a6d6018 Use better constant since MAXHOSTNAMELEN may mean shorter name 2015-01-31 21:46:56 -08:00
Stanislav Malyshev 2cdbd3537f use right sizeof for memset 2015-01-31 21:30:58 -08:00
Stanislav Malyshev 0f9c708229 Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:08:13 -08:00
Ferenc Kovacs 61ad5e24ea fix some factual errors in the process 2015-01-22 21:27:38 +01:00
Stanislav Malyshev b3b155ffe2 format 2015-01-20 11:57:17 -08:00
Stanislav Malyshev 547f62ed2a add CVE 2015-01-20 11:54:45 -08:00
Stanislav Malyshev ef4896d956 add protection against nulls 2015-01-20 11:46:10 -08:00
Stanislav Malyshev 8825311ce1 5.4.38 next 2015-01-20 10:38:33 -08:00
Stanislav Malyshev e63f7b47e1 Merge branch 'bug68710' into PHP-5.4 
* bug68710:
  Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
 2015-01-20 01:02:26 -08:00
Stanislav Malyshev fc6aa939f5 Merge branch 'bug68799' into PHP-5.4 
* bug68799:
  Fix bug #68799: Free called on unitialized pointer
 2015-01-20 01:00:11 -08:00
Daniel Lowrey 0a76610459 Update NEWS 2015-01-14 18:03:27 +01:00
Daniel Lowrey e2fe8e164f Fixed bug #55618 (use case-insensitive cert name matching) 2015-01-14 18:02:50 +01:00
Stanislav Malyshev 2fc178cf44 Fix bug #68799: Free called on unitialized pointer 2015-01-11 00:51:05 -08:00
Anatol Belski ebb98e7aeb updated libmagic.patch in 5.4 2015-01-04 17:04:13 +01:00
Anatol Belski ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Remi Collet 919abf0cb1 removed dead code 2015-01-04 09:40:19 +01:00
Stanislav Malyshev b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev f9ad308669 FIx bug #68618 (out of bounds read crashes php-cgi) 2014-12-30 01:23:05 -08:00
Ferenc Kovacs cd387b4575 add missing NEWS entry 2014-12-17 02:10:36 +01:00
Stanislav Malyshev 8fe4cc6d28 5.4.37 2014-12-16 11:44:41 -08:00
Stanislav Malyshev 53f129a44d add CVE 2014-12-16 10:16:31 -08:00
Stanislav Malyshev b75867fff0 add missing test file 2014-12-16 10:15:17 -08:00
Stanislav Malyshev 630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00