7ceb0e3a18
add NEWS for fixes
2015-09-01 11:53:59 -07:00
48cfd1160b
Merge branch 'PHP-5.4.45' into PHP-5.4
...
* PHP-5.4.45:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350 : ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
2015-09-01 11:40:15 -07:00
7c31203935
Improve fix for #70172
2015-09-01 11:38:39 -07:00
1390a5812b
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
2015-09-01 01:16:30 -07:00
906f19f136
fix test
2015-09-01 00:59:31 -07:00
c8f07ad477
add test
2015-09-01 00:26:12 -07:00
259057b2a4
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
2015-09-01 00:20:45 -07:00
f06a069c46
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
2015-09-01 00:14:15 -07:00
e8429400d4
Fix bug #70172 - Use After Free Vulnerability in unserialize()
2015-08-31 23:26:14 -07:00
e201f01ac1
Fix bug #70388 - SOAP serialize_function_call() type confusion
2015-08-31 21:06:03 -07:00
f9c2bf73ad
Fixed bug #70350 : ZipArchive::extractTo allows for directory traversal when creating directories
2015-08-30 00:38:08 -07:00
ce2c67c8e8
Improve fix for #70385
2015-08-29 23:01:36 -07:00
03964892c0
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
2015-08-28 22:52:50 -07:00
64043cb9e5
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
2015-08-28 22:25:41 -07:00
df4bf28f9f
Fix bug #70219 (Use after free vulnerability in session deserializer)
2015-08-23 19:56:12 -07:00
1744be2d17
Fix for bug #69782
2015-08-16 17:16:15 -07:00
9ff3334397
Add CVE IDs asigned (post release) to PHP 5.4.43
2015-08-10 11:19:18 +03:00
dc72378ff0
Add CVE IDs asigned to #69085 (PHP 5.4.39)
2015-08-10 11:18:33 +03:00
b221df5549
5.4.45 next
2015-08-04 23:56:15 -07:00
da5321013c
fix test
2015-08-04 16:45:20 -07:00
f1acac154a
__wakeup doesn't have to be final
2015-08-04 16:13:26 -07:00
0a21b5d970
fix test
2015-08-04 14:46:19 -07:00
ee61c7175f
update NEWS
2015-08-04 14:37:28 -07:00
51f9a00b47
Merge branch 'PHP-5.4' into PHP-5.4.44
...
* PHP-5.4:
Fixed bug #69892
Adjust Git-Rules
2015-08-04 14:04:24 -07:00
dda81f0505
Fix bug #70019 - limit extracted files to given directory
2015-08-04 14:02:31 -07:00
0e09009753
Do not do convert_to_* on unserialize, it messes up references
2015-08-04 13:59:56 -07:00
4d2278143a
Fix #69793 - limit what we accept when unserializing exception
2015-08-01 22:02:26 -07:00
863bf294fe
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
2015-08-01 22:01:51 -07:00
7381b6accc
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
2015-08-01 22:01:40 -07:00
c7d3c027d5
ignore signatures for packages too
2015-08-01 22:01:32 -07:00
c2e197e4ef
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
2015-08-01 22:01:17 -07:00
7fc04937f5
Fixed bug #69892
2015-08-01 20:47:43 -07:00
8f1baa6e1c
Adjust Git-Rules
2015-07-29 10:02:39 +02:00
16023f3e3b
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
2015-07-26 17:43:16 -07:00
7a4584d3f6
Improved fix for Bug #69441
2015-07-26 17:31:12 -07:00
b7fa67742c
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
2015-07-26 17:25:25 -07:00
e488690d95
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
2015-07-26 17:10:24 -07:00
c96d08b272
Fix bug #70081 : check types for SOAP variables
2015-07-26 16:44:18 -07:00
496f291f3d
5.4.44 next
2015-07-07 15:07:28 -07:00
885edfef0a
Better fix for bug #69958
2015-07-07 09:38:31 -07:00
c8157619ef
update news
2015-07-07 09:38:31 -07:00
97aa752fee
Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
2015-07-07 09:38:31 -07:00
6dedeb40db
Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
2015-07-07 09:38:31 -07:00
bf58162ddf
Fix bug #69958 - Segfault in Phar::convertToData on invalid file
2015-07-07 09:38:30 -07:00
29533ae528
add missing second argument for ucfirst to the proto
2015-07-07 15:48:55 +02:00
cd9c39d77c
Merge branch 'pull-request/1350' into PHP-5.4
...
* pull-request/1350:
Move strlen() check to php_mail_detect_multiple_crlf()
Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-28 20:18:56 -07:00
921544cad9
updated NEWS
2015-06-24 00:20:32 +02:00
a621781fdb
Fixed bug #69768 (escapeshell*() doesn't cater to !)
...
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and so ! should
be escaped like %.
2015-06-24 00:15:55 +02:00
fdb580a5ad
bump API version to 6.8
2015-06-22 23:38:38 -04:00
d263ecd864
Move strlen() check to php_mail_detect_multiple_crlf()
2015-06-19 15:17:56 +09:00
Stanislav Malyshev