diff --git a/ChangeLog-4.php b/ChangeLog-4.php
index f422cd179..a00d256c3 100644
--- a/ChangeLog-4.php
+++ b/ChangeLog-4.php
@@ -7,6 +7,10 @@ site_header("PHP 4 ChangeLog", array("current" => "docs", "css" => array("change
PHP 4 ChangeLog
+4.4 | 4.3
+
+
+
+
+
Version 4.3.11
diff --git a/ChangeLog-5.php b/ChangeLog-5.php
index 86e296355..bc92cdf2f 100644
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -7,6 +7,12 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change
PHP 5 ChangeLog
+5.6 |
+5.5 | 5.4 |
+5.3 | 5.2 |
+5.1 | 5.0 |
+
+
Version 5.6.40
@@ -709,54 +715,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.38
-
-- Core:
-
- - (php_url_parse_ex() buffer overflow read). (CVE-2016-6288)
- - (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)
- - (Use After Free in unserialize() with Unexpected Session Deserialization). (CVE-2016-6290)
- - (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)
-
-- BZip2:
-
- - (Inadequate error handling in bzread()). (CVE-2016-5399)
-
-- EXIF:
-
- - (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)
- - (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)
-
-- GD:
-
- - (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
- - (imagegif/output out-of-bounds access).
- - (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)
-
-- Intl:
-
- - (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)
-
-- ODBC:
-
- - (PHP segfaults when accessing nvarchar(max) defined columns). (CVE-2015-8879)
-
-- SNMP:
-
- - (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)
-
-- Xmlrpc:
-
- - (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)
-
-- Zip:
-
- - (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)
-
-
-
-
Version 5.6.23
@@ -815,49 +773,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.37
-
-- Core:
-
- - (Integer Overflow in nl2br()).
- - (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).
- - (Integer Overflow in addcslashes/addslashes).
- - (Integer Overflow in Length of String-typed ZVAL).
-
-- GD:
-
- - (Stack overflow with imagefilltoborder). (CVE-2015-8874)
- - (pass2_no_dither out-of-bounds access).
- - (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
- - (NULL Pointer Dereference at _gdScaleVert).
- - (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
-
-- mbstring:
-
- - (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
-
-
-mcrypt:
-
- - (Heap Overflow due to integer overflows). (CVE-2016-5769)
-
-SPL:
-
- - (int/size_t confusion in SplFileObject::fread). (CVE-2016-5770)
- - (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5771)
-
-WDDX:
-
- - (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)
-
-zip:
-
- - (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)
-
-
-
-
Version 5.6.22
@@ -883,29 +798,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.36
-
-- Core:
-
- - (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
- - (Integer Overflow in php_html_entities). (CVE-2016-5094)
-
-- GD:
-
- - (imagescale out-of-bounds read). (CVE-2013-7456)
-
-- Intl:
-
- - (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
-
-- Phar:
-
- - (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)
-
-
-
-
Version 5.6.21
@@ -976,32 +868,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.35
-
-- BCMath:
-
- - (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)
-
-- Exif:
-
- - (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
-
-- GD:
-
- - (libgd: signedness vulnerability). (CVE-2016-3074)
-
-- Intl:
-
- - (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)
-
-- XML:
-
- - (xml_parse_into_struct segmentation fault). (CVE-2016-4539)
-
-
-
-
Version 5.6.20
@@ -1054,32 +920,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.34
-
-- Fileinfo:
-
- - (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)
-
-- Mbstring:
-
- - (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)
-
-- ODBC:
-
- - (Invalid memory write in phar on filename with \0 in name). (CVE-2016-4072)
-
-- SNMP:
-
- - (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)
-
-- Standard:
-
- - (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)
-
-
-
-
Version 5.6.19
@@ -1135,20 +975,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.33
-
-- Phar:
-
- - (Out-of-Bound Read in phar_parse_zipfile()).
-
-- WDDX:
-
- - (Use-After-Free / Double-Free in WDDX Deserialize).
-
-
-
-
Version 5.6.18
@@ -1209,36 +1035,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.32
-
-- Core:
-
- - (exec functions ignore length but look for NULL termination).
- - (Output of stream_get_meta_data can be falsified by its input).
- - (Integer overflow in iptcembed()).
-
-- GD:
-
- - Improved fix for bug .
-
-- PCRE:
-
- - Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
-
-- Phar:
-
- - (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)
- - (NULL Pointer Dereference in phar_tar_setupmetadata()).
- - (Stack overflow when decompressing tar archives). (CVE-2016-2554)
-
-- WDDX:
-
- - (Type Confusion in WDDX Packet Deserialization).
-
-
-
-
Version 5.6.17
@@ -1286,29 +1082,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.31
-
-- FPM:
-
- - (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)
-
-- GD:
-
- - (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)
-
-- WDDX:
-
- - (Use After Free Vulnerability in WDDX Packet Deserialization).
- - (Session WDDX Packet Deserialization Type Confusion Vulnerability).
-
-- XMLRPC:
-
- - (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
-
-
-
-
Version 5.6.16
@@ -1430,17 +1203,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.30
-
-- Phar:
-
- - (Null pointer dereference in phar_get_fp_offset()). (CVE-2015-7803)
- - (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). (CVE-2015-7804)
-
-
-
-
Version 5.6.13
@@ -1514,86 +1276,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.29
-
-- Core:
-
- - (Use After Free Vulnerability in unserialize()). (CVE-2015-6834)
- - (Use after free vulnerability in session deserializer). (CVE-2015-6835)
-
-- EXIF:
-
- - (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
-
-- hash:
-
- - (HAVAL gives wrong hashes in specific cases).
-
-- PCRE:
-
- - (Multiple vulnerabilities related to PCRE functions).
-
-- SOAP:
-
- - (SOAP serialize_function_call() type confusion / RCE). (CVE-2015-6836)
-
-- SPL:
-
- - (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)
- - (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)
-
-- XSLT:
-
- - (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
-
-- ZIP:
-
- - (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)
-
-
-
-
-
-Version 5.4.45
-
-- Core:
-
- - (Use After Free Vulnerability in unserialize()). (CVE-2015-6834)
- - (Use after free vulnerability in session deserializer). (CVE-2015-6835)
-
-- EXIF:
-
- - (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
-
-- hash:
-
- - (HAVAL gives wrong hashes in specific cases).
-
-- PCRE:
-
- - (Multiple vulnerabilities related to PCRE functions).
-
-- SOAP:
-
- - (SOAP serialize_function_call() type confusion / RCE). (CVE-2015-6836)
-
-- SPL:
-
- - (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)
- - (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)
-
-- XSLT:
-
- - (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
-
-- ZIP:
-
- - (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)
-
-
-
-
Version 5.6.12
@@ -1657,71 +1339,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.28
-
-- Core:
-
- - (Remotely triggerable stack exhaustion via recursive method calls).
- - (Different arrays compare indentical due to integer key truncation).
- - (TS issues with temporary dir handling).
- - (unserialize() could lead to unexpected methods execution / NULL pointer deref).
-
-- OpenSSL:
-
- - (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
-
-- Phar:
-
- - Improved fix for bug .
- - (Files extracted from archive may be placed outside of destination directory). (CVE-2015-6833)
-
-- SOAP:
-
- - (SoapClient info leak / null pointer dereference via multiple type confusions).
-
-- SPL:
-
- - (Dangling pointer in the unserialization of ArrayObject items). (CVE-2015-6832)
- - (Use After Free Vulnerability in unserialize() with SPLArrayObject). (CVE-2015-6831)
- - (Use After Free Vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6831)
- - (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6831)
-
-
-
-
-
-Version 5.4.44
-
-- Core:
-
- - (Remotely triggerable stack exhaustion via recursive method calls).
- - (Different arrays compare indentical due to integer key truncation).
- - (unserialize() could lead to unexpected methods execution / NULL pointer deref).
-
-- OpenSSL:
-
- - (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
-
-- Phar:
-
- - Improved fix for bug .
- - (Files extracted from archive may be placed outside of destination directory). (CVE-2015-6833)
-
-- SOAP:
-
- - (SoapClient info leak / null pointer dereference via multiple type confusions).
-
-- SPL:
-
- - (Dangling pointer in the unserialization of ArrayObject items). (CVE-2015-6832)
- - (Use After Free Vulnerability in unserialize() with SPLArrayObject). (CVE-2015-6831)
- - (Use After Free Vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6831)
- - (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6831)
-
-
-
-
Version 5.6.11
@@ -1783,77 +1400,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.27
-
-- Core:
-
- - (escapeshell*() doesn't cater to !).
- - (Use __builtin_clzl on PowerPC).
- - (can induce segmentation fault with basic php code).
- - (Windows 10 reported as Windows 8).
- - (parse_ini_file() and parse_ini_string() segmentation fault).
- - (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business").
- - (phpinfo() does not report many Windows SKUs).
- - (Different arrays compare indentical due to integer key truncation).
- - (Can't set empty additional_headers for mail()), regression from fix to bug .
-
-- GD:
-
- - (imagegammacorrect function loses alpha channel).
-
-- Mysqlnd:
-
- - (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
-
-- PCRE:
-
- - Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string).
- - (Segfault in preg_replace_callback).
-
-- PDO_pgsql:
-
- - (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).
- - (PDO-pgsql fails to connect if password contains a leading single quote).
- - (PDO PgSQL Incorrect binding numeric array with gaps).
-
-- Phar:
-
- - (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
- - (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
-
-- SimpleXML:
-
- - Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name).
-
-- SPL:
-
- - (Segfault when SplMinHeap::compare produces fatal error).
- - (SplFileObject setMaxLineLength).
-
-
-
-
-
-Version 5.4.43
-
-- Core:
-
- - (escapeshell*() doesn't cater to !).
- - (Can't set empty additional_headers for mail()), regression from fix to bug .
-
-- Mysqlnd:
-
- - (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
-
-- Phar:
-
- - (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
- - (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
-
-
-
-
Version 5.6.10
@@ -1911,93 +1457,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.26
-
-- Core:
-
- - (Conditional jump or move depends on uninitialised value in extension trait).
- - (temp. directory is cached during multiple requests).
- - (complex GLOB_BRACE fails on Windows).
- - (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
- - (Incorrect handling of paths with NULs). (CVE-2015-4598)
-
-- FTP:
-
- - Improved fix for bug (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
-
-- GD:
-
- - (GD fails to build with newer libvpx).
-
-- Iconv:
-
- - (iconv with //IGNORE cuts the string).
-
-- Litespeed SAPI:
-
- - (Unchecked return value).
-
-- Mail:
-
- - (mail() does not have mail header injection prevention for additional headers).
-
-- MCrypt:
-
- - Added file descriptor caching to mcrypt_create_iv().
-
-- Opcache:
-
- - (Memory leak with opcache.optimization_level=0xFFFFFFFF).
-
-- PCRE:
-
- - Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
-
-- Phar:
-
- - (phar symlink in binary directory broken).
-
-- Postgres:
-
- - (segfault in php_pgsql_meta_data). (CVE-2015-4644)
-
-- Sqlite3:
-
- - Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
- CVE-2015-3416)
-
-
-
-
-
-Version 5.4.42
-
-- Core:
-
- - Improved fix for bug (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
- - (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
- - (Incorrect handling of paths with NULs). (CVE-2015-4598)
-
-- Litespeed SAPI:
-
- - (Unchecked return value).
-
-- Mail:
-
- - (mail() does not have mail header injection prevention for additional headers).
-
-- Postgres:
-
- - (segfault in php_pgsql_meta_data). (CVE-2015-4644)
-
-- Sqlite3:
-
- - Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)
-
-
-
-
Version 5.6.9
@@ -2044,77 +1503,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.25
-
-- Core:
-
- - (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
- - (str_repeat() sign mismatch based memory corruption).
- - (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
- - (heap buffer overflow in unpack()).
- - (Wrong checked for the interface by using Trait).
- - (Invalid read in zend_std_get_method).
- - ("use statement [...] has no effect" depends on leading backslash).
- - (Segmentation fault in gc_remove_zval_from_buffer).
- - (segmentation fault in destructor).
- - (Returning compatible sub generator produces a warning).
- - (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA).
-
-- FTP:
-
- - (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
-
-- ODBC:
-
- - (Incorrect use of SQLColAttributes with ODBC 3.0).
- - (ODBC: Query with same field name from two tables returns incorrect result).
- - (out of memory with sage odbc driver).
-
-- OpenSSL:
-
- - (Reading empty SSL stream hangs until timeout).
-
-- PCNTL:
-
- - (pcntl_exec() should not allow null char). (CVE-2015-4026)
-
-- Phar:
-
- - (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)
-
-
-
-
-
-Version 5.4.41
-
-- Core:
-
- - (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
- - (str_repeat() sign mismatch based memory corruption).
- - (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
- - (heap buffer overflow in unpack()).
-
-- FTP:
-
- - (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
-
-- PCNTL:
-
- - (pcntl_exec() should not allow null char). (CVE-2015-4026)
-
-- PCRE:
-
- - Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
-
-- Phar:
-
- - (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)
-
-
-
-
Version 5.6.8
@@ -2210,154 +1598,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.24
-
-- Apache2handler:
-
- - (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
-
-- Core:
-
- - (php crashes with __get() and ++ operator in some cases).
- - (User exceptions not properly handled in streams).
- - (get_browser() browser_name_regex returns non-utf-8 characters).
- - (parse_url fails on some partial urls).
- - (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
- - Additional fix for bug (Type confusion vulnerability in exception::getTraceAsString).
- - (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
- - (Segmentation fault when using a generator in combination with an Iterator).
- - (php_stream_url_wrap_http_ex() type-confusion vulnerability).
- - (Missing null byte checks for paths in various PHP extensions). (CVE-2015-3411, CVE-2015-3412)
-
-- cURL:
-
- - (HTTP2 support).
- - (Missing break / control flow).
- - (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
-
-- Date:
-
- - Export date_get_immutable_ce so that it can be used by extensions.
- - (Issues with "last day of <monthname>").
-
-- Enchant:
-
- - (Enchant broker plugins are in the wrong place in windows builds).
-
-- Ereg:
-
- - (NULL Pointer Dereference).
-
-- Fileinfo:
-
- - (Fileinfo on specific file causes spurious OOM and/or segfault). (CVE-2015-4604, CVE-2015-4605)
-
-- Filter:
-
- - (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
- - (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
-
-- Mbstring:
-
- - (False detection of CJK Unified Ideographs Extension E).
-
-- ODBC:
-
- - (Incorrect use of SQLColAttributes with ODBC 3.0).
-
-- OPCache:
-
- - (opcache_is_script_cached no longer works).
- - (Use After Free). (CVE-2015-1351)
-
-- OpenSSL:
-
- - (Add signatureType to openssl_x509_parse).
- - Add a check for RAND_egd to allow compiling against LibreSSL.
-
-- Phar:
-
- - (PharData::extractTo fails for tarball created by BSD tar).
- - (phar_add_file is too restrictive on filename).
- - (Call to undefined method cli_arg_typ_string).
- - (Phar::mapPhar fails for Phars inside a path containing ".tar").
- - (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783, CVE-2015-3307)
- - (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
-
-- Postgres:
-
- - (Null pointer dereference). (CVE-2015-1352)
-
-- SOAP:
-
- - (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (CVE-2015-4599)
- - (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
-
-- SPL:
-
- - (Use after free in zval_scan caused by spl_object_storage_get_gc).
-
-- SQLITE:
-
- - (SQLITE segfaults if custom collator throws an exception).
- - (Upgrade bundled sqlite to 3.8.8.3).
- - (SQLite prepared statement use-after-free).
-
-
-
-
-
-Version 5.4.40
-
-- Apache2handler:
-
- - (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
-
-- Core:
-
- - Additional fix for bug (Type confusion vulnerability in exception::getTraceAsString).
- - (php_stream_url_wrap_http_ex() type-confusion vulnerability).
- - (Missing null byte checks for paths in various PHP extensions). (CVE-2015-3411, CVE-2015-3412)
-
-- cURL:
-
- - (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
-
-- Ereg:
-
- - (NULL Pointer Dereference).
-
-- Fileinfo:
-
- - (Fileinfo on specific file causes spurious OOM and/or segfault). (CVE-2015-4604, CVE-2015-4605)
-
-- GD:
-
- - (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
-
-- Phar:
-
- - (use after free). (CVE-2015-2301)
- - (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783, CVE-2015-3307)
- - (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
-
-- Postgres:
-
- - (Null pointer deference). (CVE-2015-1352)
-
-- SOAP:
-
- - (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (CVE-2015-4599)
- - (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
-
-- Sqlite3:
-
- - (SQLite prepared statement use-after-free).
-
-
-
-
Version 5.6.7
@@ -2439,111 +1679,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.23
-
-- Core:
-
- - (leaks when unused inner class use traits precedence).
- - (Crash in gc_zval_possible_root on unserialize).
- - (Segfault in get_current_user when script owner is not in passwd with ZTS build).
- - (Segfault when calling ob_start from output buffering callback).
- - (Fail to push to the empty array with the constant value defined in class scope).
- - (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
- - (Exception with invalid character causes segv).
- - (Missing arguments in reflection info for some builtin functions).
- - (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
- - (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
- - (move_uploaded_file allows nulls in path). (CVE-2015-2348)
-
-- CGI:
-
- - (php-cgi's getopt does not see $argv).
-
-- CLI:
-
- - (auto_prepend_file messes up __LINE__).
-
-- cURL:
-
- - (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
- - Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
-
-- Ereg:
-
- - (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
-
-- FPM:
-
- - (request time is reset too early).
-
-- JSON :
-
- - Fixed bug #64695 (JSON_NUMERIC_CHECK has issues with strings that are
- numbers plus the letter e).
-
-- ODBC:
-
- - (Allowed memory size exhausted with odbc_exec).
-
-- Opcache:
-
- - (Array numeric string as key).
- - (switch(SOMECONSTANT) misbehaves).
-
-- OpenSSL:
-
- - , , , (encrypted streams don't observe socket timeouts).
-
-- pgsql:
-
- - (pg_update() fails to store infinite values).
-
-- Readline:
-
- - (Null dereference in readline_(read|write)_history() without parameters).
-
-- SOAP:
-
- - (SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)
-
-- SPL:
-
- - ("Segmentation fault" when (de)serializing SplObjectStorage).
- - (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
-
-- ZIP:
-
- - (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)
-
-
-
-
-
-
-Version 5.4.39
-
-- Core:
-
- - (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
- - (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
- - (move_uploaded_file allows nulls in path). (CVE-2015-2348)
-
-- Ereg:
-
- - (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
-
-- SOAP:
-
- - (SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)
-
-- ZIP:
-
- - (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)
-
-
-
-
Version 5.6.6
@@ -2626,104 +1761,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.22
-
-- Core:
-
- - (getClosure returns somethings that's not a closure).
- - (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
- - (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
- - Added NULL byte protection to exec, system and passthru.
- - Removed support for multi-line headers, as they are deprecated by RFC 7230.
-
-- Date:
-
- - (strtotime incorrectly interprets SGT time zone).
-
-- Dba:
-
- - (useless comparisons).
-
-- Enchant:
-
- - (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
-
-- Fileinfo:
-
- - (Double free with disabled ZMM).
-
-- FPM:
-
- - (Wrong response to FCGI_GET_VALUES).
- - (core dump when webserver close the socket).
-
-- Libxml:
-
- - (libxml_disable_entity_loader setting is shared between threads). (CVE-2015-8866)
-
-- PDO_mysql:
-
- - (PDOMysql with mysqlnd does not allow the usage of named pipes).
-
-- Phar:
-
- - (use after free). (CVE-2015-2301)
-
-- Pgsql:
-
- - (pg_copy_from() modifies input array variable).
-
-- Sqlite3:
-
- - (SQLite3Result::fetchArray declares wrong required_num_args).
-
-- Mysqli:
-
- - (linker error on some OS X machines with fixed width decimal support).
- - (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors).
-
-- Session:
-
- - (mod_files.sh is a bash-script).
- - (no EINTR check on flock).
- - (Empty session IDs do still start sessions).
-
-- Standard:
-
- - (flock() out parameter not set correctly in windows).
- - (Request may get env. variables from previous requests if PHP works as FastCGI).
-
-- Streams:
-
- - Fixed bug which caused call after final close on streams filter.
-
-
-
-
-
-
-Version 5.4.38
-
-- Core:
-
- - Removed support for multi-line headers, as they are deprecated by RFC 7230.
- - Added NULL byte protection to exec, system and passthru.
- - (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
- - (broken detection of system crypt sha256/sha512 support).
- - (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
-
-- Enchant:
-
- - (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
-
-- SOAP:
-
- - (SoapServer cannot handle large messages).
-
-
-
-
Version 5.6.5
@@ -2830,138 +1867,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.21
-
-- Core:
-
- - Upgraded crypt_blowfish to version 1.3.
- - (unlink() bug with some files path).
- - (Inside trait, self::class != __CLASS__).
- - (Constructor from trait conflicts with inherited constructor).
- - (errors spawn MessageBox, which blocks test automation).
- - (Application Popup provides too few information).
- - (localeconv() broken in TS builds).
- - (setting locale randomly broken).
- - (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly).
- - (Crash in timeout thread).
- - (Explicit Double Free). (CVE-2014-9425)
- - (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
-
-- CGI:
-
- - (out of bounds read crashes php-cgi). (CVE-2014-9427)
-
-- CLI server:
-
- - (Invalid HTTP requests make web server segfault).
-
-- cURL:
-
- - (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set).
-
-- EXIF:
-
- - (Free called on uninitialized pointer). (CVE-2015-0232)
-
-- Fileinfo:
-
- - (incorrect expression in libmagic).
- - (fileinfo out-of-bounds memory access). (CVE-2014-9652)
- - Removed readelf.c and related code from libmagic sources.
-
-- FPM:
-
- - (listen.allowed_clients is broken).
-
-- GD:
-
- - (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
-
-- Mbstring:
-
- - (--with-libmbfl configure option not present on Windows).
-
-- Mcrypt:
-
- - Fixed possible read after end of buffer and use after free.
-
-- Opcache:
-
- - (Memory leak when using "continue 2" inside two foreach loops).
-
-- OpenSSL:
-
- - (use case-insensitive cert name matching).
-
-- Pcntl:
-
- - (pcntl_signal doesn't decrease ref-count of old handler
- when setting SIG_DFL).
-
-- PCRE:
-
- - (Alignment Bug in PCRE 8.34 upstream).
-
-- pgsql:
-
- - (lo_export return -1 on failure).
-
-- PDO:
-
- - (PDO#getAttribute() cannot be called with platform-specific
- attribute names).
-
-- PDO_mysql:
-
- - (Add new PDO mysql connection attr to control multi
- statements option).
-
-- SPL:
-
- - (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
- breaks the RecursiveIterator).
- - (cannot cast SplFileInfo to boolean).
- - (Added escape parameter to SplFileObject::fputcsv).
-
-- SQLite:
-
- - (Update bundled libsqlite to 3.8.7.2).
-
-- Streams:
-
- - (convert.base64-encode omits padding bytes).
-
-
-
-
-
-Version 5.4.37
-
-- Core:
-
- - (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
-
-- CGI:
-
- - (out of bounds read crashes php-cgi). (CVE-2014-9427)
-
-- EXIF:
-
- - (Free called on uninitialized pointer). (CVE-2015-0232)
-
-- Fileinfo:
-
- - Removed readelf.c and related code from libmagic sources.
- - (fileinfo out-of-bounds memory access). (CVE-2014-9652)
-
-- OpenSSL:
-
- - (use case-insensitive cert name matching).
-
-
-
-
Version 5.6.4
@@ -3022,71 +1927,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.20
-
-- Core:
-
- - (Some Zend headers lack appropriate extern "C" blocks).
- - ("Inconsistent insteadof definition."- incorrectly triggered).
- - ("unset($this)" can make the program crash).
- - (NULL pointer dereference in unserialize.c).
- - (Use after free vulnerability in unserialize()). (CVE-2014-8142)
-
-- Date:
-
- - Fixed day_of_week function as it could sometimes return negative values internally.
-
-- FPM:
-
- - (fpm_unix_init_main ignores log_level).
- - (listen=9000 listens to ipv6 localhost instead of all addresses).
- - (access.format='%R' doesn't log ipv6 address).
- - (PHP-FPM will no longer load all pools).
- - (listen.allowed_clients is IPv4 only).
- - (php-fpm man page is oudated).
- - (Change pm.start_servers default warning to notice).
- - (listen.allowed_clients can silently result in no allowed access).
- - (php-fpm conf files loading order).
- - (access.log don't use prefix).
-
-- Mcrypt:
-
- - Fixed possible read after end of buffer and use after free.
-
-- PDO_pgsql:
-
- - (Segmentation fault on statement deallocation).
- - (PDO_PGSQL::beginTransaction() wrongly throws exception
- when not in transaction).
- - (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving).
-
-- SOAP:
-
- - (Segmentation fault on SoapClient::__getTypes).
-
-- zlib:
-
- - (Compiling PHP with large file support will replace
- function gzopen by gzopen64).
-
-
-
-
-Version 5.4.36
-
-- Core:
-
- - Upgraded crypt_blowfish to version 1.3.
- - (NULL pointer dereference in unserialize.c).
- - (Use after free vulnerability in unserialize()). (CVE-2014-8142)
-
- - Mcrypt:
-
- - Fixed possible read after end of buffer and use after free.
-
-
-
Version 5.6.3
@@ -3154,83 +1994,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.19
-
-- Core:
-
- - (AddressSanitizer reports a heap buffer overflow in
- php_getopt()).
- - ($a->foo .= 'test'; can leave $a->foo undefined).
- - (parse_url() - incomplete support for empty usernames
- and passwords).
- - (zend_mm_heap corrupted after memory overflow in
- zend_hash_copy).
-
-- cURL:
-
- - Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
- CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl.
-
-- Fileinfo:
-
- - (libmagic: don't assume char is signed).
- - (fileinfo: out-of-bounds read in elf note headers).
- (CVE-2014-3710)
-
-- FPM:
-
- - (listen and listen.allowed_clients should take IPv6
- addresses.
-
-- GD:
-
- - imagescale() fails without height param
-
-- GMP:
-
- - (GMP memory management conflicts with other libraries
- using GMP).
-
-- Mysqli:
-
- - (linker error on some OS X machines with fixed width
- decimal support).
-
-- ODBC:
-
- - (ODBC not correctly reading DATE column when preceded by
- a VARCHAR column)
-
-- SPL:
-
- - (Regression in RecursiveRegexIterator)
-
-
-
-
-
-Version 5.4.35
-
-- Core:
-
- - (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
-
-- Fileinfo:
-
- - (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
-
-- GMP:
-
- - (GMP memory management conflicts with other libraries using GMP).
-
-- PDO_pgsql:
-
- - (Segmentation fault on statement deallocation).
-
-
-
-
Version 5.6.2
@@ -3253,85 +2016,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.18
-
-- Core:
-
- - (Incorrect last used array index copied to new array after
- unset).
- - (Windows 8.1/Server 2012 R2 OS build number reported
- as 6.2 (instead of 6.3)).
- - (A foreach on an array returned from a function not doing
- copy-on-write).
- - (proc_open on Windows hangs forever).
- - (Integer overflow in unserialize() (32-bits only)).
- (CVE-2014-3669)
-
-- cURL:
-
- - (NULL byte injection - cURL lib).
-
-- Exif:
-
- - (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
-
-- FPM:
-
- - (PHP-FPM incorrectly defines the SCRIPT_NAME variable
- when using Apache, mod_proxy-fcgi and ProxyPass).
-
-- OpenSSL:
-
- - Revert regression introduced by fix of bug .
-
-- Reflection:
-
- - (Duplicate entry in Reflection for class alias).
-
-- Session:
-
- - (SessionHandler Invalid memory read create_sid()).
-
-- XMLRPC:
-
- - (Global buffer overflow in mkgmtime() function).
- (CVE-2014-3668)
-
-
-
-
-
-Version 5.4.34
-
-- Fileinfo:
-
- - (libmagic: don't assume char is signed).
-
-- Core:
-
- - (Incorrect last used array index copied to new array after unset).
- - (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
-
-- cURL:
-
- - (NULL byte injection - cURL lib).
-
-- EXIF:
-
- - (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
-
-- OpenSSL:
-
- - Reverted fixes for bug , due to regressions.
-
-- XMLRPC:
-
- - (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
-
-
-
-
Version 5.6.1
@@ -3390,94 +2074,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.5.17
-
-- Core:
-
- - (glob returns error, should be empty array()).
- - (SIGSEGV during zend_shutdown()).
- - (Crash on SIGTERM in apache process).
- - (program_prefix not honoured in man pages).
-
-- COM:
-
- - (DOTNET is successful once per server run).
-
-- Date:
-
- - (memory leaks in DateTime constructor).
- - (Some timezones are no longer valid in PHP 5.5.10).
- - (First uppercase letter breaks date string parsing).
-
-- FPM:
-
- - (FPM with mod_fastcgi/apache2.4 is broken).
-
-- GD:
-
- - Made fontFetch's path parser thread-safe.
-
-- MySQLi:
-
- - (mysqli does not handle 4-byte floats correctly).
-
-- OpenSSL:
-
- - (socket timeouts not honored in blocking SSL reads).
- - (extension won't build if openssl compiled without SSLv3).
-
-- SPL:
-
- - (CachingIterator::__construct InvalidArgumentException
- wrong message).
-
-- Zlib:
-
- - (chained zlib filters silently fail with large amounts of
- data).
- - (internal corruption phar error).
-
-
-
-
-
-Version 5.4.33
-
-- Core:
-
- - (glob returns error, should be empty array()).
- - (SIGSEGV during zend_shutdown()).
- - (Crash on SIGTERM in apache process).
-
-- OpenSSL:
-
- - (socket timeouts not honored in blocking SSL reads).
-
-- Date:
-
- - (memory leaks in DateTime constructor).
-
-- FPM:
-
- - (FPM with mod_fastcgi/apache2.4 is broken).
-
-- GD:
-
- - Made fontFetch's path parser thread-safe.
-
-- Wddx:
-
- - (Segfaults in php_wddx_serialize_var).
-
-- Zlib:
-
- - (chained zlib filters silently fail with large amounts of data).
- - (internal corruption phar error).
-
-
-
-
Version 5.6.0
@@ -3934,6 +2530,1040 @@ FILTER_FLAG_NO_PRIV_RANGE).
+
+
+Version 5.5.38
+
+- Core:
+
+ - (php_url_parse_ex() buffer overflow read). (CVE-2016-6288)
+ - (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)
+ - (Use After Free in unserialize() with Unexpected Session Deserialization). (CVE-2016-6290)
+ - (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)
+
+- BZip2:
+
+ - (Inadequate error handling in bzread()). (CVE-2016-5399)
+
+- EXIF:
+
+ - (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)
+ - (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)
+
+- GD:
+
+ - (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
+ - (imagegif/output out-of-bounds access).
+ - (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)
+
+- Intl:
+
+ - (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)
+
+- ODBC:
+
+ - (PHP segfaults when accessing nvarchar(max) defined columns). (CVE-2015-8879)
+
+- SNMP:
+
+ - (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)
+
+- Xmlrpc:
+
+ - (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)
+
+- Zip:
+
+ - (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)
+
+
+
+
+
+Version 5.5.37
+
+- Core:
+
+ - (Integer Overflow in nl2br()).
+ - (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).
+ - (Integer Overflow in addcslashes/addslashes).
+ - (Integer Overflow in Length of String-typed ZVAL).
+
+- GD:
+
+ - (Stack overflow with imagefilltoborder). (CVE-2015-8874)
+ - (pass2_no_dither out-of-bounds access).
+ - (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
+ - (NULL Pointer Dereference at _gdScaleVert).
+ - (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
+
+- mbstring:
+
+ - (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
+
+
+mcrypt:
+
+ - (Heap Overflow due to integer overflows). (CVE-2016-5769)
+
+SPL:
+
+ - (int/size_t confusion in SplFileObject::fread). (CVE-2016-5770)
+ - (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5771)
+
+WDDX:
+
+ - (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)
+
+zip:
+
+ - (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)
+
+
+
+
+
+Version 5.5.36
+
+- Core:
+
+ - (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
+ - (Integer Overflow in php_html_entities). (CVE-2016-5094)
+
+- GD:
+
+ - (imagescale out-of-bounds read). (CVE-2013-7456)
+
+- Intl:
+
+ - (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
+
+- Phar:
+
+ - (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)
+
+
+
+
+
+Version 5.5.35
+
+- BCMath:
+
+ - (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)
+
+- Exif:
+
+ - (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
+
+- GD:
+
+ - (libgd: signedness vulnerability). (CVE-2016-3074)
+
+- Intl:
+
+ - (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)
+
+- XML:
+
+ - (xml_parse_into_struct segmentation fault). (CVE-2016-4539)
+
+
+
+
+
+Version 5.5.34
+
+- Fileinfo:
+
+ - (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)
+
+- Mbstring:
+
+ - (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)
+
+- ODBC:
+
+ - (Invalid memory write in phar on filename with \0 in name). (CVE-2016-4072)
+
+- SNMP:
+
+ - (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)
+
+- Standard:
+
+ - (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)
+
+
+
+
+
+Version 5.5.33
+
+- Phar:
+
+ - (Out-of-Bound Read in phar_parse_zipfile()).
+
+- WDDX:
+
+ - (Use-After-Free / Double-Free in WDDX Deserialize).
+
+
+
+
+
+Version 5.5.32
+
+- Core:
+
+ - (exec functions ignore length but look for NULL termination).
+ - (Output of stream_get_meta_data can be falsified by its input).
+ - (Integer overflow in iptcembed()).
+
+- GD:
+
+ - Improved fix for bug .
+
+- PCRE:
+
+ - Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
+
+- Phar:
+
+ - (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)
+ - (NULL Pointer Dereference in phar_tar_setupmetadata()).
+ - (Stack overflow when decompressing tar archives). (CVE-2016-2554)
+
+- WDDX:
+
+ - (Type Confusion in WDDX Packet Deserialization).
+
+
+
+
+
+Version 5.5.31
+
+- FPM:
+
+ - (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)
+
+- GD:
+
+ - (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)
+
+- WDDX:
+
+ - (Use After Free Vulnerability in WDDX Packet Deserialization).
+ - (Session WDDX Packet Deserialization Type Confusion Vulnerability).
+
+- XMLRPC:
+
+ - (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
+
+
+
+
+
+Version 5.5.30
+
+- Phar:
+
+ - (Null pointer dereference in phar_get_fp_offset()). (CVE-2015-7803)
+ - (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). (CVE-2015-7804)
+
+
+
+
+
+Version 5.5.29
+
+- Core:
+
+ - (Use After Free Vulnerability in unserialize()). (CVE-2015-6834)
+ - (Use after free vulnerability in session deserializer). (CVE-2015-6835)
+
+- EXIF:
+
+ - (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
+
+- hash:
+
+ - (HAVAL gives wrong hashes in specific cases).
+
+- PCRE:
+
+ - (Multiple vulnerabilities related to PCRE functions).
+
+- SOAP:
+
+ - (SOAP serialize_function_call() type confusion / RCE). (CVE-2015-6836)
+
+- SPL:
+
+ - (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)
+ - (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)
+
+- XSLT:
+
+ - (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
+
+- ZIP:
+
+ - (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)
+
+
+
+
+
+Version 5.5.28
+
+- Core:
+
+ - (Remotely triggerable stack exhaustion via recursive method calls).
+ - (Different arrays compare indentical due to integer key truncation).
+ - (TS issues with temporary dir handling).
+ - (unserialize() could lead to unexpected methods execution / NULL pointer deref).
+
+- OpenSSL:
+
+ - (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
+
+- Phar:
+
+ - Improved fix for bug .
+ - (Files extracted from archive may be placed outside of destination directory). (CVE-2015-6833)
+
+- SOAP:
+
+ - (SoapClient info leak / null pointer dereference via multiple type confusions).
+
+- SPL:
+
+ - (Dangling pointer in the unserialization of ArrayObject items). (CVE-2015-6832)
+ - (Use After Free Vulnerability in unserialize() with SPLArrayObject). (CVE-2015-6831)
+ - (Use After Free Vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6831)
+ - (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6831)
+
+
+
+
+
+Version 5.5.27
+
+- Core:
+
+ - (escapeshell*() doesn't cater to !).
+ - (Use __builtin_clzl on PowerPC).
+ - (can induce segmentation fault with basic php code).
+ - (Windows 10 reported as Windows 8).
+ - (parse_ini_file() and parse_ini_string() segmentation fault).
+ - (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business").
+ - (phpinfo() does not report many Windows SKUs).
+ - (Different arrays compare indentical due to integer key truncation).
+ - (Can't set empty additional_headers for mail()), regression from fix to bug .
+
+- GD:
+
+ - (imagegammacorrect function loses alpha channel).
+
+- Mysqlnd:
+
+ - (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
+
+- PCRE:
+
+ - Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string).
+ - (Segfault in preg_replace_callback).
+
+- PDO_pgsql:
+
+ - (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).
+ - (PDO-pgsql fails to connect if password contains a leading single quote).
+ - (PDO PgSQL Incorrect binding numeric array with gaps).
+
+- Phar:
+
+ - (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
+ - (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
+
+- SimpleXML:
+
+ - Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name).
+
+- SPL:
+
+ - (Segfault when SplMinHeap::compare produces fatal error).
+ - (SplFileObject setMaxLineLength).
+
+
+
+
+
+Version 5.5.26
+
+- Core:
+
+ - (Conditional jump or move depends on uninitialised value in extension trait).
+ - (temp. directory is cached during multiple requests).
+ - (complex GLOB_BRACE fails on Windows).
+ - (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
+ - (Incorrect handling of paths with NULs). (CVE-2015-4598)
+
+- FTP:
+
+ - Improved fix for bug (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
+
+- GD:
+
+ - (GD fails to build with newer libvpx).
+
+- Iconv:
+
+ - (iconv with //IGNORE cuts the string).
+
+- Litespeed SAPI:
+
+ - (Unchecked return value).
+
+- Mail:
+
+ - (mail() does not have mail header injection prevention for additional headers).
+
+- MCrypt:
+
+ - Added file descriptor caching to mcrypt_create_iv().
+
+- Opcache:
+
+ - (Memory leak with opcache.optimization_level=0xFFFFFFFF).
+
+- PCRE:
+
+ - Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
+
+- Phar:
+
+ - (phar symlink in binary directory broken).
+
+- Postgres:
+
+ - (segfault in php_pgsql_meta_data). (CVE-2015-4644)
+
+- Sqlite3:
+
+ - Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
+ CVE-2015-3416)
+
+
+
+
+
+Version 5.5.25
+
+- Core:
+
+ - (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
+ - (str_repeat() sign mismatch based memory corruption).
+ - (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
+ - (heap buffer overflow in unpack()).
+ - (Wrong checked for the interface by using Trait).
+ - (Invalid read in zend_std_get_method).
+ - ("use statement [...] has no effect" depends on leading backslash).
+ - (Segmentation fault in gc_remove_zval_from_buffer).
+ - (segmentation fault in destructor).
+ - (Returning compatible sub generator produces a warning).
+ - (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA).
+
+- FTP:
+
+ - (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
+
+- ODBC:
+
+ - (Incorrect use of SQLColAttributes with ODBC 3.0).
+ - (ODBC: Query with same field name from two tables returns incorrect result).
+ - (out of memory with sage odbc driver).
+
+- OpenSSL:
+
+ - (Reading empty SSL stream hangs until timeout).
+
+- PCNTL:
+
+ - (pcntl_exec() should not allow null char). (CVE-2015-4026)
+
+- Phar:
+
+ - (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)
+
+
+
+
+
+Version 5.5.24
+
+- Apache2handler:
+
+ - (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
+
+- Core:
+
+ - (php crashes with __get() and ++ operator in some cases).
+ - (User exceptions not properly handled in streams).
+ - (get_browser() browser_name_regex returns non-utf-8 characters).
+ - (parse_url fails on some partial urls).
+ - (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
+ - Additional fix for bug (Type confusion vulnerability in exception::getTraceAsString).
+ - (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
+ - (Segmentation fault when using a generator in combination with an Iterator).
+ - (php_stream_url_wrap_http_ex() type-confusion vulnerability).
+ - (Missing null byte checks for paths in various PHP extensions). (CVE-2015-3411, CVE-2015-3412)
+
+- cURL:
+
+ - (HTTP2 support).
+ - (Missing break / control flow).
+ - (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
+
+- Date:
+
+ - Export date_get_immutable_ce so that it can be used by extensions.
+ - (Issues with "last day of <monthname>").
+
+- Enchant:
+
+ - (Enchant broker plugins are in the wrong place in windows builds).
+
+- Ereg:
+
+ - (NULL Pointer Dereference).
+
+- Fileinfo:
+
+ - (Fileinfo on specific file causes spurious OOM and/or segfault). (CVE-2015-4604, CVE-2015-4605)
+
+- Filter:
+
+ - (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
+ - (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
+
+- Mbstring:
+
+ - (False detection of CJK Unified Ideographs Extension E).
+
+- ODBC:
+
+ - (Incorrect use of SQLColAttributes with ODBC 3.0).
+
+- OPCache:
+
+ - (opcache_is_script_cached no longer works).
+ - (Use After Free). (CVE-2015-1351)
+
+- OpenSSL:
+
+ - (Add signatureType to openssl_x509_parse).
+ - Add a check for RAND_egd to allow compiling against LibreSSL.
+
+- Phar:
+
+ - (PharData::extractTo fails for tarball created by BSD tar).
+ - (phar_add_file is too restrictive on filename).
+ - (Call to undefined method cli_arg_typ_string).
+ - (Phar::mapPhar fails for Phars inside a path containing ".tar").
+ - (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783, CVE-2015-3307)
+ - (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
+
+- Postgres:
+
+ - (Null pointer dereference). (CVE-2015-1352)
+
+- SOAP:
+
+ - (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (CVE-2015-4599)
+ - (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
+
+- SPL:
+
+ - (Use after free in zval_scan caused by spl_object_storage_get_gc).
+
+- SQLITE:
+
+ - (SQLITE segfaults if custom collator throws an exception).
+ - (Upgrade bundled sqlite to 3.8.8.3).
+ - (SQLite prepared statement use-after-free).
+
+
+
+
+
+
+Version 5.5.23
+
+- Core:
+
+ - (leaks when unused inner class use traits precedence).
+ - (Crash in gc_zval_possible_root on unserialize).
+ - (Segfault in get_current_user when script owner is not in passwd with ZTS build).
+ - (Segfault when calling ob_start from output buffering callback).
+ - (Fail to push to the empty array with the constant value defined in class scope).
+ - (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
+ - (Exception with invalid character causes segv).
+ - (Missing arguments in reflection info for some builtin functions).
+ - (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
+ - (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
+ - (move_uploaded_file allows nulls in path). (CVE-2015-2348)
+
+- CGI:
+
+ - (php-cgi's getopt does not see $argv).
+
+- CLI:
+
+ - (auto_prepend_file messes up __LINE__).
+
+- cURL:
+
+ - (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
+ - Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
+
+- Ereg:
+
+ - (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
+
+- FPM:
+
+ - (request time is reset too early).
+
+- JSON :
+
+ - Fixed bug #64695 (JSON_NUMERIC_CHECK has issues with strings that are
+ numbers plus the letter e).
+
+- ODBC:
+
+ - (Allowed memory size exhausted with odbc_exec).
+
+- Opcache:
+
+ - (Array numeric string as key).
+ - (switch(SOMECONSTANT) misbehaves).
+
+- OpenSSL:
+
+ - , , , (encrypted streams don't observe socket timeouts).
+
+- pgsql:
+
+ - (pg_update() fails to store infinite values).
+
+- Readline:
+
+ - (Null dereference in readline_(read|write)_history() without parameters).
+
+- SOAP:
+
+ - (SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)
+
+- SPL:
+
+ - ("Segmentation fault" when (de)serializing SplObjectStorage).
+ - (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
+
+- ZIP:
+
+ - (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)
+
+
+
+
+
+Version 5.5.22
+
+- Core:
+
+ - (getClosure returns somethings that's not a closure).
+ - (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
+ - (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
+ - Added NULL byte protection to exec, system and passthru.
+ - Removed support for multi-line headers, as they are deprecated by RFC 7230.
+
+- Date:
+
+ - (strtotime incorrectly interprets SGT time zone).
+
+- Dba:
+
+ - (useless comparisons).
+
+- Enchant:
+
+ - (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
+
+- Fileinfo:
+
+ - (Double free with disabled ZMM).
+
+- FPM:
+
+ - (Wrong response to FCGI_GET_VALUES).
+ - (core dump when webserver close the socket).
+
+- Libxml:
+
+ - (libxml_disable_entity_loader setting is shared between threads). (CVE-2015-8866)
+
+- PDO_mysql:
+
+ - (PDOMysql with mysqlnd does not allow the usage of named pipes).
+
+- Phar:
+
+ - (use after free). (CVE-2015-2301)
+
+- Pgsql:
+
+ - (pg_copy_from() modifies input array variable).
+
+- Sqlite3:
+
+ - (SQLite3Result::fetchArray declares wrong required_num_args).
+
+- Mysqli:
+
+ - (linker error on some OS X machines with fixed width decimal support).
+ - (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors).
+
+- Session:
+
+ - (mod_files.sh is a bash-script).
+ - (no EINTR check on flock).
+ - (Empty session IDs do still start sessions).
+
+- Standard:
+
+ - (flock() out parameter not set correctly in windows).
+ - (Request may get env. variables from previous requests if PHP works as FastCGI).
+
+- Streams:
+
+ - Fixed bug which caused call after final close on streams filter.
+
+
+
+
+
+Version 5.5.21
+
+- Core:
+
+ - Upgraded crypt_blowfish to version 1.3.
+ - (unlink() bug with some files path).
+ - (Inside trait, self::class != __CLASS__).
+ - (Constructor from trait conflicts with inherited constructor).
+ - (errors spawn MessageBox, which blocks test automation).
+ - (Application Popup provides too few information).
+ - (localeconv() broken in TS builds).
+ - (setting locale randomly broken).
+ - (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly).
+ - (Crash in timeout thread).
+ - (Explicit Double Free). (CVE-2014-9425)
+ - (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
+
+- CGI:
+
+ - (out of bounds read crashes php-cgi). (CVE-2014-9427)
+
+- CLI server:
+
+ - (Invalid HTTP requests make web server segfault).
+
+- cURL:
+
+ - (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set).
+
+- EXIF:
+
+ - (Free called on uninitialized pointer). (CVE-2015-0232)
+
+- Fileinfo:
+
+ - (incorrect expression in libmagic).
+ - (fileinfo out-of-bounds memory access). (CVE-2014-9652)
+ - Removed readelf.c and related code from libmagic sources.
+
+- FPM:
+
+ - (listen.allowed_clients is broken).
+
+- GD:
+
+ - (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
+
+- Mbstring:
+
+ - (--with-libmbfl configure option not present on Windows).
+
+- Mcrypt:
+
+ - Fixed possible read after end of buffer and use after free.
+
+- Opcache:
+
+ - (Memory leak when using "continue 2" inside two foreach loops).
+
+- OpenSSL:
+
+ - (use case-insensitive cert name matching).
+
+- Pcntl:
+
+ - (pcntl_signal doesn't decrease ref-count of old handler
+ when setting SIG_DFL).
+
+- PCRE:
+
+ - (Alignment Bug in PCRE 8.34 upstream).
+
+- pgsql:
+
+ - (lo_export return -1 on failure).
+
+- PDO:
+
+ - (PDO#getAttribute() cannot be called with platform-specific
+ attribute names).
+
+- PDO_mysql:
+
+ - (Add new PDO mysql connection attr to control multi
+ statements option).
+
+- SPL:
+
+ - (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
+ breaks the RecursiveIterator).
+ - (cannot cast SplFileInfo to boolean).
+ - (Added escape parameter to SplFileObject::fputcsv).
+
+- SQLite:
+
+ - (Update bundled libsqlite to 3.8.7.2).
+
+- Streams:
+
+ - (convert.base64-encode omits padding bytes).
+
+
+
+
+
+
+Version 5.5.20
+
+- Core:
+
+ - (Some Zend headers lack appropriate extern "C" blocks).
+ - ("Inconsistent insteadof definition."- incorrectly triggered).
+ - ("unset($this)" can make the program crash).
+ - (NULL pointer dereference in unserialize.c).
+ - (Use after free vulnerability in unserialize()). (CVE-2014-8142)
+
+- Date:
+
+ - Fixed day_of_week function as it could sometimes return negative values internally.
+
+- FPM:
+
+ - (fpm_unix_init_main ignores log_level).
+ - (listen=9000 listens to ipv6 localhost instead of all addresses).
+ - (access.format='%R' doesn't log ipv6 address).
+ - (PHP-FPM will no longer load all pools).
+ - (listen.allowed_clients is IPv4 only).
+ - (php-fpm man page is oudated).
+ - (Change pm.start_servers default warning to notice).
+ - (listen.allowed_clients can silently result in no allowed access).
+ - (php-fpm conf files loading order).
+ - (access.log don't use prefix).
+
+- Mcrypt:
+
+ - Fixed possible read after end of buffer and use after free.
+
+- PDO_pgsql:
+
+ - (Segmentation fault on statement deallocation).
+ - (PDO_PGSQL::beginTransaction() wrongly throws exception
+ when not in transaction).
+ - (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving).
+
+- SOAP:
+
+ - (Segmentation fault on SoapClient::__getTypes).
+
+- zlib:
+
+ - (Compiling PHP with large file support will replace
+ function gzopen by gzopen64).
+
+
+
+
+
+Version 5.5.19
+
+- Core:
+
+ - (AddressSanitizer reports a heap buffer overflow in
+ php_getopt()).
+ - ($a->foo .= 'test'; can leave $a->foo undefined).
+ - (parse_url() - incomplete support for empty usernames
+ and passwords).
+ - (zend_mm_heap corrupted after memory overflow in
+ zend_hash_copy).
+
+- cURL:
+
+ - Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
+ CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl.
+
+- Fileinfo:
+
+ - (libmagic: don't assume char is signed).
+ - (fileinfo: out-of-bounds read in elf note headers).
+ (CVE-2014-3710)
+
+- FPM:
+
+ - (listen and listen.allowed_clients should take IPv6
+ addresses.
+
+- GD:
+
+ - imagescale() fails without height param
+
+- GMP:
+
+ - (GMP memory management conflicts with other libraries
+ using GMP).
+
+- Mysqli:
+
+ - (linker error on some OS X machines with fixed width
+ decimal support).
+
+- ODBC:
+
+ - (ODBC not correctly reading DATE column when preceded by
+ a VARCHAR column)
+
+- SPL:
+
+ - (Regression in RecursiveRegexIterator)
+
+
+
+
+
+Version 5.5.18
+
+- Core:
+
+ - (Incorrect last used array index copied to new array after
+ unset).
+ - (Windows 8.1/Server 2012 R2 OS build number reported
+ as 6.2 (instead of 6.3)).
+ - (A foreach on an array returned from a function not doing
+ copy-on-write).
+ - (proc_open on Windows hangs forever).
+ - (Integer overflow in unserialize() (32-bits only)).
+ (CVE-2014-3669)
+
+- cURL:
+
+ - (NULL byte injection - cURL lib).
+
+- Exif:
+
+ - (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
+
+- FPM:
+
+ - (PHP-FPM incorrectly defines the SCRIPT_NAME variable
+ when using Apache, mod_proxy-fcgi and ProxyPass).
+
+- OpenSSL:
+
+ - Revert regression introduced by fix of bug .
+
+- Reflection:
+
+ - (Duplicate entry in Reflection for class alias).
+
+- Session:
+
+ - (SessionHandler Invalid memory read create_sid()).
+
+- XMLRPC:
+
+ - (Global buffer overflow in mkgmtime() function).
+ (CVE-2014-3668)
+
+
+
+
+
+Version 5.5.17
+
+- Core:
+
+ - (glob returns error, should be empty array()).
+ - (SIGSEGV during zend_shutdown()).
+ - (Crash on SIGTERM in apache process).
+ - (program_prefix not honoured in man pages).
+
+- COM:
+
+ - (DOTNET is successful once per server run).
+
+- Date:
+
+ - (memory leaks in DateTime constructor).
+ - (Some timezones are no longer valid in PHP 5.5.10).
+ - (First uppercase letter breaks date string parsing).
+
+- FPM:
+
+ - (FPM with mod_fastcgi/apache2.4 is broken).
+
+- GD:
+
+ - Made fontFetch's path parser thread-safe.
+
+- MySQLi:
+
+ - (mysqli does not handle 4-byte floats correctly).
+
+- OpenSSL:
+
+ - (socket timeouts not honored in blocking SSL reads).
+ - (extension won't build if openssl compiled without SSLv3).
+
+- SPL:
+
+ - (CachingIterator::__construct InvalidArgumentException
+ wrong message).
+
+- Zlib:
+
+ - (chained zlib filters silently fail with large amounts of
+ data).
+ - (internal corruption phar error).
+
+
+
+
Version 5.5.16
@@ -3991,119 +3621,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.32
-
-- Core:
-
- - (segfault in dns_get_record) (CVE-2014-3597).
- - (incorrect push to the empty array)
-
-- COM:
-
- - Fixed missing type checks in com_event_sink.
-
-- Fileinfo:
-
- - (extensive backtracking in rule regular expression). (CVE-2014-3538)
- - (Segfault in cdf.c) (CVE-2014-3587).
-
-- GD:
-
- - (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
- - (Null byte injection possible with imagexxx functions) (CVE-2014-5120).
-
-- Milter:
-
- - (php-milter does not build and crashes randomly).
-
-- OpenSSL:
-
- - Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
-
-- Readline:
-
- - (Interactive mode doesn't force a newline before the prompt).
- - (Save command history when exiting interactive shell with control-c).
-
-- Sessions:
-
- - Fixed missing type checks in php_session_create_id.
-
-- SPL:
-
- - (ArrayIterator use-after-free due to object change during sorting) (CVE-2014-4698).
- - (SPL Iterators use-after-free) (CVE-2014-4670).
-
-- ODBC:
-
- - (odbc_fetch_into returns junk data at end of multi-byte char fields).
-
-
-
-
-
-Version 5.3.29
-
-- Core:
-
- - (Segmentation fault with ArrayObject unset).
- - (spl_fixedarray_resize integer overflow).
- - (printf out-of-bounds read).
- - (iptcparse out-of-bounds read).
- - (convert_uudecode out-of-bounds read).
- - (Segfault in recursiveDirectoryIterator).
- - (insecure temporary file use in the configure script). (CVE-2014-3981)
- - (putenv with empty variable may lead to crash).
- - (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
- - (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
-
-
-COM:
-
- - Fixed missing type checks in com_event_sink.
-
-Date:
-
- - (Heap buffer over-read in DateInterval). (CVE-2013-6712)
- - (date_parse_from_format out-of-bounds read).
- - (timelib_meridian_with_check out-of-bounds read).
-
-Exif:
-
- - (Integer overflow in exif_read_data()).
-
-Fileinfo:
-
- - (Fileinfo crashes with powerpoint files).
- - (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
- - (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
- - (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
- - (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).
- - (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).
- - (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).
- - (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).
-
-Intl:
-
- - (Locale::parseLocale Double Free).
- - (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
-
-Network:
-
- - (Fix potential segfault in dns_get_record()). (CVE-2014-4049)
-
-OpenSSL:
-
- - Fixed missing type checks in OpenSSL options.
-
-Session:
-
- - Fixed missing type checks in php_session_create_id.
-
-
-
-
Version 5.5.15
@@ -4162,48 +3679,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-
-Version 5.4.31
-
-- Core:
-
- - (header('Location: foo') will override a 308-399 response code).
- - (Autoloader isn't called if two method definitions don't match).
- - (make install fails to install libphp5.so on FreeBSD 10.0).
- - (strtr with empty array crashes).
- - (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).
-
-- CLI server:
-
- - (CLI server is missing some new HTTP response codes).
- - (Empty header causes PHP built-in web server to hang).
-
-- FPM:
-
- - (error_log=syslog ignored).
- - (syslog cannot be set in pool configuration).
-
-- Intl:
-
- - (NumberFormatter::parse() resets LC_NUMERIC setting).
-
-- pgsql:
-
- - (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3.
-
-- Phar:
-
- - (Redirection loop on nginx with FPM).
-
-- Streams:
-
- - (http:// wrapper doesn't follow 308 redirects).
-
-
-
-
-
Version 5.5.14
@@ -4278,62 +3753,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.30
-
-- Core:
-
- - Fixed BC break introduced by patch for bug .
- - (Closures do not correctly capture the late bound class (static::) in some cases).
- - (insecure temporary file use in the configure script) (CVE-2014-3981).
- - (putenv with empty variable may lead to crash).
- - (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
-
-- CLI server:
-
- - (built-in web-server segfaults on startup).
-
-- Date:
-
- - (Serialize of DateTime truncates fractions of second).
- - Fixed regression in fix for bug (constructor can't be called twice).
-
-- Fileinfo:
-
- - (fileinfo: cdf_read_short_sector insufficient boundary check) (CVE-2014-0207).
- - (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).
- - (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).
- - (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).
- - (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).
-
-- Intl:
-
- - (Locale::parseLocale Double Free).
- - (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
-
-- Network:
-
- - (Fix potential segfault in dns_get_record()) (CVE-2014-4049).
-
-- OpenSSL:
-
- - (certificates validity parsing does not work past 2050).
- - (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
-
-- SOAP:
-
- - (Add SoapClient::__getCookies()).
-
-- SPL:
-
- - (Segmentation fault with ArrayObject unset).
- - (Segfault in recursiveDirectoryIterator).
- - (Missing element after ArrayObject::getIterator).
- - (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
-
-
-
-
Version 5.5.13
@@ -4399,50 +3818,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.29
-
-- COM:
-
- - (Special Character via COM Interface (CP_UTF8)).
-
-- Core:
-
- - (copy() doesn't work when destination filename is created by tempnam()).
- - (Echoing unserialized "SplFileObject" crash).
- - (usage of memcpy() with overlapping src and dst in zend_exceptions.c).
- - (spl_fixedarray_resize integer overflow).
- - (printf out-of-bounds read).
- - (iptcparse out-of-bounds read).
- - (convert_uudecode out-of-bounds read). (Stas)
-
-- Fileinfo:
-
- - (Fileinfo crashes with powerpoint files).
- - (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
- - (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
-
-- Date:
-
- - (DateTime constructor crash with invalid data).
- - (date_parse_from_format out-of-bounds read).
- - (timelib_meridian_with_check out-of-bounds read).
-
-- DOM:
-
- - (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset).
-
-- FPM:
-
- - (php-fpm reload leaks epoll_create() file descriptor).
-
-- Phar:
-
- - ($phar->buildFromDirectory can't compress file with an accent in its name).
-
-
-
-
Version 5.5.12
@@ -4519,67 +3894,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.28
-
-- Core:
-
- - (Out of memory on command stream_get_contents).
- - (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).
- - (Symlinks and session handler allow open_basedir bypass).
- - (exit in stream filter produces segfault).
- - (fpassthru broken).
- - (getimagesize should recognize BMP files with negative height).
-
-- cURL:
-
- - (curl_exec returns differently than curl_multi_getcontent).
-
-- Date:
-
- - (__wakeup of DateTime segfaults when invalid object data is supplied).
-
-- Embed:
-
- - (php5embed.lib isn't provided anymore).
-
-- Fileinfo:
-
- - (Memory corruption in fileinfo ext / bigendian).
-
-- FPM:
-
- - (unknown entry 'priority' in php-fpm.conf).
- - (sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185).
-
-- JSON:
-
- - (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).
-
-- LDAP:
-
- - Fixed issue with null bytes in LDAP bindings.
-
-- OpenSSL:
-
- - (memory leak in openssl_seal()).
- - (memory leak in openssl_open()).
-
-- SimpleXML:
-
- - (simplexml_load_string() mangles empty node name) (Anatol)
-
-- XSL:
-
- - (<xsl:include> cannot find files with relative paths when loaded with "file://").
-
-- Apache2 Handler SAPI:
-
- - Fixed Apache log issue caused by APR's lack of support for %zu (APR issue 56120).
-
-
-
-
Version 5.5.11
@@ -4649,41 +3963,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.27
-
-- Core:
-
- - (proc_open() changes environment array)
-
-- Fileinfo:
-
- - (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)
-
-- FPM:
-
- - Added clear_env configuration directive to disable clearenv() call.
-
-- GMP:
-
- - (invalid argument crashes gmp_testbit)
-
-- Mail:
-
- - (Don't add newline after X-PHP-Originating-Script)
-
-- MySQLi:
-
- - (Segfault in mysqli_stmt::bind_result() when link closed)
-
-- Openssl:
-
- - (Default disgest algo is still MD5, switch to SHA1)
-
-
-
-
-
Version 5.5.10
@@ -4731,38 +4010,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.26
-
-- Date:
-
- - (some time zone offsets not recognized by timezone_name_from_abbr)
- - (DateTime::setTimezone can not set timezones without ID)
-
-- JSON:
-
- - (JsonSerializeable couldn't implement on module extension)
-
-- Fileinfo:
-
- - (file: infinite recursion) (CVE-2014-1943).
- - (out-of-bounds memory access in fileinfo) (CVE-2014-2270).
-
-- LDAP:
-
- - Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
-
-- Openssl:
-
- - (Add EC key support to php_openssl_is_private_key).
-
-- Pgsql:
-
- - Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().
-
-
-
-
Version 5.5.9
@@ -4808,29 +4055,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.25
-
-- Core:
-
- - (Incorrect object comparison with inheritance).
- - (copy() arginfo has changed starting from 5.4).
-
-- mysqlnd:
-
- - (Segmentation fault after memory_limit).
-
-- PDO_pgsql:
-
- - (PDO-psql cannot connect if password contains spaces).
-
-- Session:
-
- - (Calls to session_name() segfault when session.name is null).
-
-
-
-
Version 5.5.8
@@ -4903,57 +4127,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.24
-
-- Core:
-
- - Added validation of class names in the autoload process.
- - Fixed invalid C code in zend_strtod.c.
- - (fopen and O_NONBLOCK).
-
-- Date:
-
- - (Heap buffer over-read in DateInterval, CVE-2013-6712).
- - (Incorrect/inconsistent day of week prior to the year 1600).
- - (Wrong Day of Week).
-
-- DOM:
-
- - (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
-
-- Exif:
-
- - (Integer overflow in exif_read_data()).
-
-- Filter:
-
- - (128.0.0.0/16 isn't reserved any longer).
-
-- GD:
-
- - (Use freetype-config for determining freetype2 dir(s)).
-
-- PDO_odbc:
-
- - (Stack smashing protection kills PDO/ODBC queries).
-
-- SNMP:
-
- - Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
-
-- XSL:
-
- - (Segfault throwing an exception in a XSL registered function).
-
-- ZIP:
-
- - (ZipArchive::open() ze_obj->filename_len not real).
-
-
-
-
-
Version 5.5.7
@@ -4985,49 +4158,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.23
-
-- Core:
-
- - (unregister_tick_function tries to cast a Closure to a string).
- - (basename is no more working after fgetcsv in certain situation).
-
-- JSON:
-
- - Fixed whitespace part of ("json_decode handles whitespace and case-sensitivity incorrectly").
-
-- MySQLi:
-
- - (Segfault calling bind_param() on mysqli).
-
-- mysqlnd:
-
- - (mysqli under mysqlnd loses precision when bind_param with 'i').
- - (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query).
-
-- OpenSSL:
-
- - Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
-
-- PDO:
-
- - (sql_parser permanently converts values bound to strings).
-
-
-
-
-
-Version 5.3.28
-
-- Openssl:
-
- - Fixed handling null bytes in subjectAltName (CVE-2013-4248).
- - Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
-
-
-
-
Version 5.5.6
@@ -5073,46 +4203,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.22
-
-- Core:
-
- - (scope resolution operator - strange behavior with $this).
-
-- CLI server:
-
- - (Segfault with built-in webserver and chunked transfer encoding).
-
-- Exif:
-
- - Fixed crash on unknown encoding.
-
-- FTP:
-
- - (ftp_nb_continue produces segfault).
-
-- ODBC:
-
- - (Field name truncation if the field name is bigger than 32 characters).
-
-- Sockets:
-
- - (the socket_connect() won't work with IPv6 address).
-
-- Standard:
-
- - (var_export() does not use full precision for floating-point numbers).
-
-- XMLReader:
-
- - (Crash with clone XMLReader).
- - (XMLReader does not suppress errors).
-
-
-
-
-
Version 5.5.5
@@ -5189,46 +4279,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.21
-
-- Core:
-
- - (compile time errors won't trigger auto loading).
-
-- CLI server:
-
- - (built-in server treat some http headers as case-sensitive).
-
-- Datetime:
-
- - (DateTime::createFromFormat() reports confusing error message).
-
-- DBA extension:
-
- - (dba functions cast $key param to string in-place, bypassing copy on write).
-
-- Filter:
-
- - Add RFC 6598 IPs to reserved addresses.
- - (FILTER_VALIDATE_URL rejects fully qualified domain names).
-
-- IMAP:
-
- - (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
-
-- Standard:
-
- - (content-type must appear at the end of headers for 201 Location to work in http).
-
-- Build system:
-
- - ('make test' crashes starting with 5.3.14 (missing gzencode())).
-
-
-
-
-
Version 5.5.4
@@ -5273,76 +4323,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.20
-
-- Core:
-
- - (cli/apache sapi segfault on objects manipulation).
- - (Using traits with get_class_methods causes segfault).
- - (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
- - (quoted-printable encode stream filter incorrectly encoding spaces).
- - (shutdown segfault due to serialize).
- - (Segmentation fault in zend_error() with --enable-dtrace).
- - (Segfault in gc_zval_possible_root when return reference fails).
- - (Use of max int in array_sum).
- - (get_defined_constants() causes PHP to crash in a very limited case).
- - (PHP_BINARY incorrectly set).
- - Improved fix for bug (compile failure on netbsd).
- - (PHP fails to build with DTrace).
- - (class_alias() should accept classes with leading backslashes).
- - (CGI mode - make install don't work).
- - Cherry-picked some DTrace build commits (allowing builds on Linux, bug and bug ) from PHP 5.5 branch.
- - (--enable-dtrace leads make to clobber Zend/zend_dtrace.d)
-
-- cURL:
-
-- Datetime:
-
- - (createFromFormat broken when weekday name is followed by some delimiters)
- - (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer)
-
-- Openssl:
-
- - (openssl_x509_parse fails to parse subject properly in some cases).
-
-- Session:
-
- - (rfc1867 crashes php even though turned off).
- - (session id not appended properly for empty anchor tags).
- - Fixed possible buffer overflow under Windows. Note: Not a security fix.
- - Changed session.auto_start to PHP_INI_PERDIR.
-
-- SOAP:
-
- - (SoapHeader problems with SoapServer).
-
-- SPL:
-
- - (Segfault when getting SplStack object Value).
-
-- PDO:
-
- - (Postgres prepared statement positional parameter casting).
-
-- Phar:
-
- - (Phar::buildFromDirectory creates corrupt archives for some specific contents).
-
-- Pgsql:
-
- - (pg_escape_literal/identifier() silently returns false).
- - (Disallow possible SQL injections with pg_select()/pg_update() /pg_delete()/pg_insert()).
-
-- Zlib:
-
- - (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called).
-
-
-
-
Version 5.5.3
@@ -5353,20 +4333,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.19
-
-- Core:
-
- - (Compilation fails with error: conflicting types for 'zendparse').
-
-- Openssl:
-
- - Fixed UMR in fix for CVE-2013-4248.
-
-
-
-
Version 5.5.2
@@ -5430,106 +4396,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.4.18
-
-- Core:
-
- - Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value).
- - (Exception not catchable when exception thrown in autoload with a namespace).
- - (is_callable() triggers Fatal Error).
- - (Generated configure script is malformed on OpenBSD).
- - (Possible XSS on "Registered stream filters" info).
- - (Error on serialize of ArrayObject).
- - (variant_* functions causes crash when null given as an argument).
- - (php_error_docref links to invalid pages).
- - (chroot() does not get enabled).
-
-- CGI:
-
- - (Missing php-cgi man page).
-
-- CLI server:
-
- - (Cli server not responsive when responding with 422 http status code).
-
-- CURL:
-
- - (curl.cainfo doesn't appear in php.ini).
-
-- FPM:
-
- - (enabling FPM borks compile on FreeBSD).
-
-- FTP:
-
- - (FTPs memory leak with SSL).
-
-- GMP:
-
- - (Memory leak in gmp_cmp second parameter).
-
-- Imap:
-
- - (Segmentation fault after imap_reopen failure).
-
-- Intl:
-
- - (Buggy grapheme_substr() on edge case).
- - (Offsets may be wrong for grapheme_stri* functions).
-
-- mysqlnd:
-
- - Fixed segfault in mysqlnd when doing long prepare.
-
-- ODBC:
-
- - (NULL valued anonymous column causes segfault in odbc_fetch_array).
-
-- Openssl:
-
- - Fixed handling null bytes in subjectAltName (CVE-2013-4248).
-
-- PDO:
-
- - Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
-
-- PDO_dblib:
-
- - (PDO/dblib not working anymore ("use dbName" not sent)).
-
-- PDO_pgsql:
-
- - Fixed meta data retrieve when OID is larger than 2^31.
-
-- Phar:
-
- - (Missing phar man page).
-
-- Session:
-
- - ($_SESSION[$key]["cancel_upload"] doesn't work as documented).
- - (when session_name("123") consist only digits, should warning).
- - (mod_files.sh does not support hash bits).
-
-- Sockets:
-
- - (Setting SO_BINDTODEVICE with socket_set_option).
-
-- SPL:
-
- - (RecursiveDirectoryIterator segfault).
- - (Memleak when calling Directory(Recursive)Iterator /Spl(Temp)FileObject ctor twice).
- - (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings).
-
-- XML:
-
- - (heap corruption in xml parser). (CVE-2013-4113)
-
-
-
-
-
Version 5.5.1
@@ -5612,103 +4478,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.27
-
-- Core:
-
- - (segfault in zend_do_fcall_common_helper_SPEC).
- - (Segfault in gc_zval_possible_root).
- - (Apache2 TS crash with get_browser()).
- - (compile failure on netbsd).
-
-- DateTime:
-
- - (Crash when using unserialized DatePeriod instance).
-
-- PDO_firebird:
-
- - (Firebird return wrong value for numeric field).
- - (Cannot insert second row with null using parametrized query).
-
-- PDO_pgsql:
-
- - (Buffer overflow in _pdo_pgsql_error).
-
-- pgsql:
-
- - (pg_convert enum type support).
-
-- SPL:
-
- - (Segfault while using RecursiveIteratorIterator on 64-bits systems).
-
-- XML:
-
- - (heap corruption in xml parser). (CVE-2013-4113)
-
-
-
-
-
-Version 5.4.17
-
-- Core:
-
- - (Class loading order affects E_STRICT warning).
- - (segfault in zend_do_fcall_common_helper_SPEC).
- - (Segfault in gc_zval_possible_root).
- - (doc comments picked up from previous scanner run).
- - (Apache2 TS crash with get_browser()).
- - (quoted-printable-encode stream filter incorrectly discarding whitespace).
-
-- DateTime:
-
- - (Crash when using unserialized DatePeriod instance).
-
-- FPM:
-
- - (error_log ignored when daemonize=0).
- - (add support for FPM init.d script).
-
-- PDO:
-
- - (Segmentation fault when instantiate 2 persistent PDO to the same db server).
-
-- PDO_DBlib:
-
- - (Cannot connect to SQL Server 2008 with PDO dblib).
- - (pdo_dblib can't connect to Azure SQL).
- - (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes).
-
-- PDO_firebird:
-
- - (Firebird return wrong value for numeric field).
- - (Cannot insert second row with null using parametrized query).
-
-- PDO_mysql:
-
- - (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR).
-
-- PDO_pgsql:
-
- - (Buffer overflow in _pdo_pgsql_error).
-
-- pgsql:
-
- - (pg_convert enum type support).
-
-- Readline:
-
- - Implement FR (Expose additional readline variable to prevent default filename completion).
-
-- SPL:
-
- - (Segfault while using RecursiveIteratorIterator on 64-bits systems).
-
-
-
-
Version 5.5.0
@@ -6218,6 +4987,1134 @@ FILTER_FLAG_NO_PRIV_RANGE).
+
+
+Version 5.4.45
+
+- Core:
+
+ - (Use After Free Vulnerability in unserialize()). (CVE-2015-6834)
+ - (Use after free vulnerability in session deserializer). (CVE-2015-6835)
+
+- EXIF:
+
+ - (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
+
+- hash:
+
+ - (HAVAL gives wrong hashes in specific cases).
+
+- PCRE:
+
+ - (Multiple vulnerabilities related to PCRE functions).
+
+- SOAP:
+
+ - (SOAP serialize_function_call() type confusion / RCE). (CVE-2015-6836)
+
+- SPL:
+
+ - (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)
+ - (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)
+
+- XSLT:
+
+ - (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
+
+- ZIP:
+
+ - (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)
+
+
+
+
+
+
+Version 5.4.44
+
+- Core:
+
+ - (Remotely triggerable stack exhaustion via recursive method calls).
+ - (Different arrays compare indentical due to integer key truncation).
+ - (unserialize() could lead to unexpected methods execution / NULL pointer deref).
+
+- OpenSSL:
+
+ - (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
+
+- Phar:
+
+ - Improved fix for bug .
+ - (Files extracted from archive may be placed outside of destination directory). (CVE-2015-6833)
+
+- SOAP:
+
+ - (SoapClient info leak / null pointer dereference via multiple type confusions).
+
+- SPL:
+
+ - (Dangling pointer in the unserialization of ArrayObject items). (CVE-2015-6832)
+ - (Use After Free Vulnerability in unserialize() with SPLArrayObject). (CVE-2015-6831)
+ - (Use After Free Vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6831)
+ - (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6831)
+
+
+
+
+
+Version 5.4.43
+
+- Core:
+
+ - (escapeshell*() doesn't cater to !).
+ - (Can't set empty additional_headers for mail()), regression from fix to bug .
+
+- Mysqlnd:
+
+ - (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
+
+- Phar:
+
+ - (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
+ - (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
+
+
+
+
+
+Version 5.4.42
+
+- Core:
+
+ - Improved fix for bug (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
+ - (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
+ - (Incorrect handling of paths with NULs). (CVE-2015-4598)
+
+- Litespeed SAPI:
+
+ - (Unchecked return value).
+
+- Mail:
+
+ - (mail() does not have mail header injection prevention for additional headers).
+
+- Postgres:
+
+ - (segfault in php_pgsql_meta_data). (CVE-2015-4644)
+
+- Sqlite3:
+
+ - Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)
+
+
+
+
+
+Version 5.4.41
+
+- Core:
+
+ - (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
+ - (str_repeat() sign mismatch based memory corruption).
+ - (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
+ - (heap buffer overflow in unpack()).
+
+- FTP:
+
+ - (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
+
+- PCNTL:
+
+ - (pcntl_exec() should not allow null char). (CVE-2015-4026)
+
+- PCRE:
+
+ - Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
+
+- Phar:
+
+ - (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)
+
+
+
+
+
+Version 5.4.40
+
+- Apache2handler:
+
+ - (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
+
+- Core:
+
+ - Additional fix for bug (Type confusion vulnerability in exception::getTraceAsString).
+ - (php_stream_url_wrap_http_ex() type-confusion vulnerability).
+ - (Missing null byte checks for paths in various PHP extensions). (CVE-2015-3411, CVE-2015-3412)
+
+- cURL:
+
+ - (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
+
+- Ereg:
+
+ - (NULL Pointer Dereference).
+
+- Fileinfo:
+
+ - (Fileinfo on specific file causes spurious OOM and/or segfault). (CVE-2015-4604, CVE-2015-4605)
+
+- GD:
+
+ - (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
+
+- Phar:
+
+ - (use after free). (CVE-2015-2301)
+ - (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783, CVE-2015-3307)
+ - (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
+
+- Postgres:
+
+ - (Null pointer deference). (CVE-2015-1352)
+
+- SOAP:
+
+ - (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (CVE-2015-4599)
+ - (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
+
+- Sqlite3:
+
+ - (SQLite prepared statement use-after-free).
+
+
+
+
+
+Version 5.4.39
+
+- Core:
+
+ - (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
+ - (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
+ - (move_uploaded_file allows nulls in path). (CVE-2015-2348)
+
+- Ereg:
+
+ - (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
+
+- SOAP:
+
+ - (SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)
+
+- ZIP:
+
+ - (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)
+
+
+
+
+
+Version 5.4.38
+
+- Core:
+
+ - Removed support for multi-line headers, as they are deprecated by RFC 7230.
+ - Added NULL byte protection to exec, system and passthru.
+ - (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
+ - (broken detection of system crypt sha256/sha512 support).
+ - (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
+
+- Enchant:
+
+ - (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
+
+- SOAP:
+
+ - (SoapServer cannot handle large messages).
+
+
+
+
+
+Version 5.4.37
+
+- Core:
+
+ - (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
+
+- CGI:
+
+ - (out of bounds read crashes php-cgi). (CVE-2014-9427)
+
+- EXIF:
+
+ - (Free called on uninitialized pointer). (CVE-2015-0232)
+
+- Fileinfo:
+
+ - Removed readelf.c and related code from libmagic sources.
+ - (fileinfo out-of-bounds memory access). (CVE-2014-9652)
+
+- OpenSSL:
+
+ - (use case-insensitive cert name matching).
+
+
+
+
+
+
+Version 5.4.36
+
+- Core:
+
+ - Upgraded crypt_blowfish to version 1.3.
+ - (NULL pointer dereference in unserialize.c).
+ - (Use after free vulnerability in unserialize()). (CVE-2014-8142)
+
+ - Mcrypt:
+
+ - Fixed possible read after end of buffer and use after free.
+
+
+
+
+Version 5.4.35
+
+- Core:
+
+ - (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
+
+- Fileinfo:
+
+ - (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
+
+- GMP:
+
+ - (GMP memory management conflicts with other libraries using GMP).
+
+- PDO_pgsql:
+
+ - (Segmentation fault on statement deallocation).
+
+
+
+
+
+Version 5.4.34
+
+- Fileinfo:
+
+ - (libmagic: don't assume char is signed).
+
+- Core:
+
+ - (Incorrect last used array index copied to new array after unset).
+ - (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
+
+- cURL:
+
+ - (NULL byte injection - cURL lib).
+
+- EXIF:
+
+ - (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
+
+- OpenSSL:
+
+ - Reverted fixes for bug , due to regressions.
+
+- XMLRPC:
+
+ - (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
+
+
+
+
+
+Version 5.4.33
+
+- Core:
+
+ - (glob returns error, should be empty array()).
+ - (SIGSEGV during zend_shutdown()).
+ - (Crash on SIGTERM in apache process).
+
+- OpenSSL:
+
+ - (socket timeouts not honored in blocking SSL reads).
+
+- Date:
+
+ - (memory leaks in DateTime constructor).
+
+- FPM:
+
+ - (FPM with mod_fastcgi/apache2.4 is broken).
+
+- GD:
+
+ - Made fontFetch's path parser thread-safe.
+
+- Wddx:
+
+ - (Segfaults in php_wddx_serialize_var).
+
+- Zlib:
+
+ - (chained zlib filters silently fail with large amounts of data).
+ - (internal corruption phar error).
+
+
+
+
+
+Version 5.4.32
+
+- Core:
+
+ - (segfault in dns_get_record) (CVE-2014-3597).
+ - (incorrect push to the empty array)
+
+- COM:
+
+ - Fixed missing type checks in com_event_sink.
+
+- Fileinfo:
+
+ - (extensive backtracking in rule regular expression). (CVE-2014-3538)
+ - (Segfault in cdf.c) (CVE-2014-3587).
+
+- GD:
+
+ - (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
+ - (Null byte injection possible with imagexxx functions) (CVE-2014-5120).
+
+- Milter:
+
+ - (php-milter does not build and crashes randomly).
+
+- OpenSSL:
+
+ - Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
+
+- Readline:
+
+ - (Interactive mode doesn't force a newline before the prompt).
+ - (Save command history when exiting interactive shell with control-c).
+
+- Sessions:
+
+ - Fixed missing type checks in php_session_create_id.
+
+- SPL:
+
+ - (ArrayIterator use-after-free due to object change during sorting) (CVE-2014-4698).
+ - (SPL Iterators use-after-free) (CVE-2014-4670).
+
+- ODBC:
+
+ - (odbc_fetch_into returns junk data at end of multi-byte char fields).
+
+
+
+
+
+Version 5.4.31
+
+- Core:
+
+ - (header('Location: foo') will override a 308-399 response code).
+ - (Autoloader isn't called if two method definitions don't match).
+ - (make install fails to install libphp5.so on FreeBSD 10.0).
+ - (strtr with empty array crashes).
+ - (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).
+
+- CLI server:
+
+ - (CLI server is missing some new HTTP response codes).
+ - (Empty header causes PHP built-in web server to hang).
+
+- FPM:
+
+ - (error_log=syslog ignored).
+ - (syslog cannot be set in pool configuration).
+
+- Intl:
+
+ - (NumberFormatter::parse() resets LC_NUMERIC setting).
+
+- pgsql:
+
+ - (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3.
+
+- Phar:
+
+ - (Redirection loop on nginx with FPM).
+
+- Streams:
+
+ - (http:// wrapper doesn't follow 308 redirects).
+
+
+
+
+
+
+Version 5.4.30
+
+- Core:
+
+ - Fixed BC break introduced by patch for bug .
+ - (Closures do not correctly capture the late bound class (static::) in some cases).
+ - (insecure temporary file use in the configure script) (CVE-2014-3981).
+ - (putenv with empty variable may lead to crash).
+ - (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
+
+- CLI server:
+
+ - (built-in web-server segfaults on startup).
+
+- Date:
+
+ - (Serialize of DateTime truncates fractions of second).
+ - Fixed regression in fix for bug (constructor can't be called twice).
+
+- Fileinfo:
+
+ - (fileinfo: cdf_read_short_sector insufficient boundary check) (CVE-2014-0207).
+ - (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).
+ - (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).
+ - (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).
+ - (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).
+
+- Intl:
+
+ - (Locale::parseLocale Double Free).
+ - (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
+
+- Network:
+
+ - (Fix potential segfault in dns_get_record()) (CVE-2014-4049).
+
+- OpenSSL:
+
+ - (certificates validity parsing does not work past 2050).
+ - (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
+
+- SOAP:
+
+ - (Add SoapClient::__getCookies()).
+
+- SPL:
+
+ - (Segmentation fault with ArrayObject unset).
+ - (Segfault in recursiveDirectoryIterator).
+ - (Missing element after ArrayObject::getIterator).
+ - (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
+
+
+
+
+
+Version 5.4.29
+
+- COM:
+
+ - (Special Character via COM Interface (CP_UTF8)).
+
+- Core:
+
+ - (copy() doesn't work when destination filename is created by tempnam()).
+ - (Echoing unserialized "SplFileObject" crash).
+ - (usage of memcpy() with overlapping src and dst in zend_exceptions.c).
+ - (spl_fixedarray_resize integer overflow).
+ - (printf out-of-bounds read).
+ - (iptcparse out-of-bounds read).
+ - (convert_uudecode out-of-bounds read). (Stas)
+
+- Fileinfo:
+
+ - (Fileinfo crashes with powerpoint files).
+ - (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
+ - (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
+
+- Date:
+
+ - (DateTime constructor crash with invalid data).
+ - (date_parse_from_format out-of-bounds read).
+ - (timelib_meridian_with_check out-of-bounds read).
+
+- DOM:
+
+ - (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset).
+
+- FPM:
+
+ - (php-fpm reload leaks epoll_create() file descriptor).
+
+- Phar:
+
+ - ($phar->buildFromDirectory can't compress file with an accent in its name).
+
+
+
+
+
+Version 5.4.28
+
+- Core:
+
+ - (Out of memory on command stream_get_contents).
+ - (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).
+ - (Symlinks and session handler allow open_basedir bypass).
+ - (exit in stream filter produces segfault).
+ - (fpassthru broken).
+ - (getimagesize should recognize BMP files with negative height).
+
+- cURL:
+
+ - (curl_exec returns differently than curl_multi_getcontent).
+
+- Date:
+
+ - (__wakeup of DateTime segfaults when invalid object data is supplied).
+
+- Embed:
+
+ - (php5embed.lib isn't provided anymore).
+
+- Fileinfo:
+
+ - (Memory corruption in fileinfo ext / bigendian).
+
+- FPM:
+
+ - (unknown entry 'priority' in php-fpm.conf).
+ - (sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185).
+
+- JSON:
+
+ - (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).
+
+- LDAP:
+
+ - Fixed issue with null bytes in LDAP bindings.
+
+- OpenSSL:
+
+ - (memory leak in openssl_seal()).
+ - (memory leak in openssl_open()).
+
+- SimpleXML:
+
+ - (simplexml_load_string() mangles empty node name) (Anatol)
+
+- XSL:
+
+ - (<xsl:include> cannot find files with relative paths when loaded with "file://").
+
+- Apache2 Handler SAPI:
+
+ - Fixed Apache log issue caused by APR's lack of support for %zu (APR issue 56120).
+
+
+
+
+
+Version 5.4.27
+
+- Core:
+
+ - (proc_open() changes environment array)
+
+- Fileinfo:
+
+ - (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)
+
+- FPM:
+
+ - Added clear_env configuration directive to disable clearenv() call.
+
+- GMP:
+
+ - (invalid argument crashes gmp_testbit)
+
+- Mail:
+
+ - (Don't add newline after X-PHP-Originating-Script)
+
+- MySQLi:
+
+ - (Segfault in mysqli_stmt::bind_result() when link closed)
+
+- Openssl:
+
+ - (Default disgest algo is still MD5, switch to SHA1)
+
+
+
+
+
+Version 5.4.26
+
+- Date:
+
+ - (some time zone offsets not recognized by timezone_name_from_abbr)
+ - (DateTime::setTimezone can not set timezones without ID)
+
+- JSON:
+
+ - (JsonSerializeable couldn't implement on module extension)
+
+- Fileinfo:
+
+ - (file: infinite recursion) (CVE-2014-1943).
+ - (out-of-bounds memory access in fileinfo) (CVE-2014-2270).
+
+- LDAP:
+
+ - Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
+
+- Openssl:
+
+ - (Add EC key support to php_openssl_is_private_key).
+
+- Pgsql:
+
+ - Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().
+
+
+
+
+
+
+Version 5.4.25
+
+- Core:
+
+ - (Incorrect object comparison with inheritance).
+ - (copy() arginfo has changed starting from 5.4).
+
+- mysqlnd:
+
+ - (Segmentation fault after memory_limit).
+
+- PDO_pgsql:
+
+ - (PDO-psql cannot connect if password contains spaces).
+
+- Session:
+
+ - (Calls to session_name() segfault when session.name is null).
+
+
+
+
+
+Version 5.4.24
+
+- Core:
+
+ - Added validation of class names in the autoload process.
+ - Fixed invalid C code in zend_strtod.c.
+ - (fopen and O_NONBLOCK).
+
+- Date:
+
+ - (Heap buffer over-read in DateInterval, CVE-2013-6712).
+ - (Incorrect/inconsistent day of week prior to the year 1600).
+ - (Wrong Day of Week).
+
+- DOM:
+
+ - (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
+
+- Exif:
+
+ - (Integer overflow in exif_read_data()).
+
+- Filter:
+
+ - (128.0.0.0/16 isn't reserved any longer).
+
+- GD:
+
+ - (Use freetype-config for determining freetype2 dir(s)).
+
+- PDO_odbc:
+
+ - (Stack smashing protection kills PDO/ODBC queries).
+
+- SNMP:
+
+ - Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
+
+- XSL:
+
+ - (Segfault throwing an exception in a XSL registered function).
+
+- ZIP:
+
+ - (ZipArchive::open() ze_obj->filename_len not real).
+
+
+
+
+
+Version 5.4.23
+
+- Core:
+
+ - (unregister_tick_function tries to cast a Closure to a string).
+ - (basename is no more working after fgetcsv in certain situation).
+
+- JSON:
+
+ - Fixed whitespace part of ("json_decode handles whitespace and case-sensitivity incorrectly").
+
+- MySQLi:
+
+ - (Segfault calling bind_param() on mysqli).
+
+- mysqlnd:
+
+ - (mysqli under mysqlnd loses precision when bind_param with 'i').
+ - (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query).
+
+- OpenSSL:
+
+ - Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
+
+- PDO:
+
+ - (sql_parser permanently converts values bound to strings).
+
+
+
+
+
+Version 5.4.22
+
+- Core:
+
+ - (scope resolution operator - strange behavior with $this).
+
+- CLI server:
+
+ - (Segfault with built-in webserver and chunked transfer encoding).
+
+- Exif:
+
+ - Fixed crash on unknown encoding.
+
+- FTP:
+
+ - (ftp_nb_continue produces segfault).
+
+- ODBC:
+
+ - (Field name truncation if the field name is bigger than 32 characters).
+
+- Sockets:
+
+ - (the socket_connect() won't work with IPv6 address).
+
+- Standard:
+
+ - (var_export() does not use full precision for floating-point numbers).
+
+- XMLReader:
+
+ - (Crash with clone XMLReader).
+ - (XMLReader does not suppress errors).
+
+
+
+
+
+Version 5.4.21
+
+- Core:
+
+ - (compile time errors won't trigger auto loading).
+
+- CLI server:
+
+ - (built-in server treat some http headers as case-sensitive).
+
+- Datetime:
+
+ - (DateTime::createFromFormat() reports confusing error message).
+
+- DBA extension:
+
+ - (dba functions cast $key param to string in-place, bypassing copy on write).
+
+- Filter:
+
+ - Add RFC 6598 IPs to reserved addresses.
+ - (FILTER_VALIDATE_URL rejects fully qualified domain names).
+
+- IMAP:
+
+ - (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
+
+- Standard:
+
+ - (content-type must appear at the end of headers for 201 Location to work in http).
+
+- Build system:
+
+ - ('make test' crashes starting with 5.3.14 (missing gzencode())).
+
+
+
+
+
+
+Version 5.4.20
+
+- Core:
+
+ - (cli/apache sapi segfault on objects manipulation).
+ - (Using traits with get_class_methods causes segfault).
+ - (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
+ - (quoted-printable encode stream filter incorrectly encoding spaces).
+ - (shutdown segfault due to serialize).
+ - (Segmentation fault in zend_error() with --enable-dtrace).
+ - (Segfault in gc_zval_possible_root when return reference fails).
+ - (Use of max int in array_sum).
+ - (get_defined_constants() causes PHP to crash in a very limited case).
+ - (PHP_BINARY incorrectly set).
+ - Improved fix for bug (compile failure on netbsd).
+ - (PHP fails to build with DTrace).
+ - (class_alias() should accept classes with leading backslashes).
+ - (CGI mode - make install don't work).
+ - Cherry-picked some DTrace build commits (allowing builds on Linux, bug and bug ) from PHP 5.5 branch.
+ - (--enable-dtrace leads make to clobber Zend/zend_dtrace.d)
+
+- cURL:
+
+- Datetime:
+
+ - (createFromFormat broken when weekday name is followed by some delimiters)
+ - (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer)
+
+- Openssl:
+
+ - (openssl_x509_parse fails to parse subject properly in some cases).
+
+- Session:
+
+ - (rfc1867 crashes php even though turned off).
+ - (session id not appended properly for empty anchor tags).
+ - Fixed possible buffer overflow under Windows. Note: Not a security fix.
+ - Changed session.auto_start to PHP_INI_PERDIR.
+
+- SOAP:
+
+ - (SoapHeader problems with SoapServer).
+
+- SPL:
+
+ - (Segfault when getting SplStack object Value).
+
+- PDO:
+
+ - (Postgres prepared statement positional parameter casting).
+
+- Phar:
+
+ - (Phar::buildFromDirectory creates corrupt archives for some specific contents).
+
+- Pgsql:
+
+ - (pg_escape_literal/identifier() silently returns false).
+ - (Disallow possible SQL injections with pg_select()/pg_update() /pg_delete()/pg_insert()).
+
+- Zlib:
+
+ - (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called).
+
+
+
+
+
+Version 5.4.19
+
+- Core:
+
+ - (Compilation fails with error: conflicting types for 'zendparse').
+
+- Openssl:
+
+ - Fixed UMR in fix for CVE-2013-4248.
+
+
+
+
+
+Version 5.4.18
+
+- Core:
+
+ - Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value).
+ - (Exception not catchable when exception thrown in autoload with a namespace).
+ - (is_callable() triggers Fatal Error).
+ - (Generated configure script is malformed on OpenBSD).
+ - (Possible XSS on "Registered stream filters" info).
+ - (Error on serialize of ArrayObject).
+ - (variant_* functions causes crash when null given as an argument).
+ - (php_error_docref links to invalid pages).
+ - (chroot() does not get enabled).
+
+- CGI:
+
+ - (Missing php-cgi man page).
+
+- CLI server:
+
+ - (Cli server not responsive when responding with 422 http status code).
+
+- CURL:
+
+ - (curl.cainfo doesn't appear in php.ini).
+
+- FPM:
+
+ - (enabling FPM borks compile on FreeBSD).
+
+- FTP:
+
+ - (FTPs memory leak with SSL).
+
+- GMP:
+
+ - (Memory leak in gmp_cmp second parameter).
+
+- Imap:
+
+ - (Segmentation fault after imap_reopen failure).
+
+- Intl:
+
+ - (Buggy grapheme_substr() on edge case).
+ - (Offsets may be wrong for grapheme_stri* functions).
+
+- mysqlnd:
+
+ - Fixed segfault in mysqlnd when doing long prepare.
+
+- ODBC:
+
+ - (NULL valued anonymous column causes segfault in odbc_fetch_array).
+
+- Openssl:
+
+ - Fixed handling null bytes in subjectAltName (CVE-2013-4248).
+
+- PDO:
+
+ - Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
+
+- PDO_dblib:
+
+ - (PDO/dblib not working anymore ("use dbName" not sent)).
+
+- PDO_pgsql:
+
+ - Fixed meta data retrieve when OID is larger than 2^31.
+
+- Phar:
+
+ - (Missing phar man page).
+
+- Session:
+
+ - ($_SESSION[$key]["cancel_upload"] doesn't work as documented).
+ - (when session_name("123") consist only digits, should warning).
+ - (mod_files.sh does not support hash bits).
+
+- Sockets:
+
+ - (Setting SO_BINDTODEVICE with socket_set_option).
+
+- SPL:
+
+ - (RecursiveDirectoryIterator segfault).
+ - (Memleak when calling Directory(Recursive)Iterator /Spl(Temp)FileObject ctor twice).
+ - (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings).
+
+- XML:
+
+ - (heap corruption in xml parser). (CVE-2013-4113)
+
+
+
+
+
+
+Version 5.4.17
+
+- Core:
+
+ - (Class loading order affects E_STRICT warning).
+ - (segfault in zend_do_fcall_common_helper_SPEC).
+ - (Segfault in gc_zval_possible_root).
+ - (doc comments picked up from previous scanner run).
+ - (Apache2 TS crash with get_browser()).
+ - (quoted-printable-encode stream filter incorrectly discarding whitespace).
+
+- DateTime:
+
+ - (Crash when using unserialized DatePeriod instance).
+
+- FPM:
+
+ - (error_log ignored when daemonize=0).
+ - (add support for FPM init.d script).
+
+- PDO:
+
+ - (Segmentation fault when instantiate 2 persistent PDO to the same db server).
+
+- PDO_DBlib:
+
+ - (Cannot connect to SQL Server 2008 with PDO dblib).
+ - (pdo_dblib can't connect to Azure SQL).
+ - (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes).
+
+- PDO_firebird:
+
+ - (Firebird return wrong value for numeric field).
+ - (Cannot insert second row with null using parametrized query).
+
+- PDO_mysql:
+
+ - (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR).
+
+- PDO_pgsql:
+
+ - (Buffer overflow in _pdo_pgsql_error).
+
+- pgsql:
+
+ - (pg_convert enum type support).
+
+- Readline:
+
+ - Implement FR (Expose additional readline variable to prevent default filename completion).
+
+- SPL:
+
+ - (Segfault while using RecursiveIteratorIterator on 64-bits systems).
+
+
+
+
Version 5.4.16
@@ -6278,50 +6175,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.26
-
-
-- Core:
-
- - (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110).
-
-
-- Calendar:
-
- - (Integer overflow in SndToJewish).
-
-
-- FPM:
-
- - Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
- - Log a warning when a syscall fails.
-
-
-- MySQLi:
-
- - (Segfault when calling fetch_object on a use_result and DB pointer has closed).
-
-
-- Phar:
-
- - (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
-
-
-- Streams:
-
- - (stream_select() fails with pipes returned by proc_open() on Windows x64).
-
-
-- Zend Engine:
-
- - (Custom Exception crash when internal properties overridden).
-
-
-
-
-
-
Version 5.4.15
@@ -6349,30 +6202,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-
-Version 5.3.25
-
-
-- Core:
-
- - (debug_backtrace in set_error_handler corrupts zend heap: segfault).
- - (dns_get_record result with string of length -1).
- - (fd leak on Solaris).
- - (fd leak on Solaris).
-
-- Streams:
-
- - Fixed Windows x64 version of stream_socket_pair() and improved error handling.
-
-- Zip:
-
- - (ZipArchive::addFile() has to check for file existence).
-
-
-
-
-
Version 5.4.14
@@ -6407,39 +6236,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.24
-
-
-- Core:
-
- - (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
- - (zend_do_fcall_common_helper_SPEC does not handle exceptions properly).
- - (Show class_alias In get_declared_classes()).
-
-
-- PCRE:
-
-
-- mysqlnd:
-
- - (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind).
-
-
-- DateTime:
-
- - (Unserialize Invalid Date causes crash).
-
-
-- Zip:
-
- - (Zip crash intermittently).
-
-
-
-
Version 5.4.13
@@ -6492,30 +6288,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.23
-
-
-- Phar:
-
- - Fixed timestamp update on Phar contents modification.
-
-- SOAP
-
- - Added check that soap.wsdl_cache_dir conforms to open_basedir
- (CVE-2013-1635).
- - Disabled external entities loading (CVE-2013-1643, CVE-2013-1824).
-
-- SPL:
-
- - (SPLFixedArray toArray problem).
- - (RecursiveDirectoryIterator always assumes SKIP_DOTS).
- - (Segfault on SplFixedArray[][x] = y when extended).
- - (unset fails with ArrayObject and deep arrays).
-
-
-
-
Version 5.4.12
@@ -6580,45 +6352,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.22
-
-
-- Zend Engine:
-
- - (Wrong TSRM usage in zend_Register_class alias).
- - (Use after scope error in zend_compile).
-
-
-
-
-- Core:
-
- - (Bad warning text from strpos() on empty needle).
-
-
-
-
-- Date:
-
- - (comparsion of incomplete DateTime causes SIGSEGV).
-
-
-
-
-- FPM:
-
- - (php with fpm fails to build on Solaris 10 or 11).
-
-
-
-
-- SPL:
-
- - (Segfault on SplFixedArray[][x] = y when extended).
-
-
-
Version 5.4.11
@@ -6665,28 +6398,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.21
-
-
-- Zend Engine:
-
- - (Sigsegv when Exception::$trace is changed by user).
-
-
-
-
-- cURL extension:
-
- - Fixed bug (segfault due to libcurl connection caching).
- - (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST).
- - (Can't enable hostname validation when using curl stream wrappers).
- - (Curlwapper is not sending http header randomly).
-
-
-
-
-
Version 5.4.10
@@ -6789,85 +6500,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.20
-
-
-- Zend Engine:
-
- - (Segfault in gc_collect_cycles).
- - (parse_ini_file() with INI_SCANNER_RAW removes quotes from value).
- - (wrong called method as callback with inheritance).
-
-
-
-
-- Core:
-
- - (config.guess file does not have AIX 7 defined, shared objects are not created).
- - (Segfault on output buffer).
-
-
-
-
-- Apache2 Handler SAPI:
-
- - Enabled Apache 2.4 configure option for Windows.
-
-
-
-
-- Date:
-
- - (Datetime::format('u') sometimes wrong by 1 microsecond).
-
-
-
-
-- Fileinfo:
-
- - (Load multiple magic files from a directory under Windows).
- - (Different results in TS and NTS under Windows).
-
-
-
-
-- FPM:
-
- - (Possible null dereference and buffer overflow).
-
-
-
-
-- Imap:
-
- - (DISABLE_AUTHENTICATOR ignores array).
-
-
-
-
-- MySQLnd:
-
- - (Segfault when polling closed link).
-
-
-
-
-- Reflection:
-
- - (Fatal error on Reflection).
-
-
-
-
-- SOAP:
-
- - (SOAP wsdl cache is not enabled after initial requests).
-
-
-
-
-
Version 5.4.9
@@ -6964,83 +6596,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.19
-
-
-- Core:
-
- - (PHP fails to open Windows deduplicated files).
- - (Handle leak in is_readable on windows).
-
-
-
-
-- Libxml:
-
- - (Missing context check on libxml_set_streams_context() causes memleak).
-
-
-
-
-- Mbstring:
-
- - (max_input_vars doesn't filter variables when
- mbstring.encoding_translation = On).
-
-
-
-
-- MySQL:
-
- - Fixed compilation failure on mixed 32/64 bit systems.
-
-
-
-
-- OCI8:
-
- - (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
-
-
-
-
-- PCRE:
-
- - (Segfault in zend_gc with SF2 testsuite).
- - (Upgrade PCRE to 8.31).
-
-
-
-
-- PDO:
-
- - (buffer overflow in use of SQLGetDiagRec).
-
-
-
-
-- PDO_pgsql:
-
- - (Emulate prepares behave strangely with PARAM_BOOL).
-
-
-
-
-- Phar:
-
- - (Phar fails to write an openssl based signature).
-
-
-
-
-- Streams:
-
- - (stream_get_line() return contains delimiter string).
-
-
-
-
Version 5.4.8
@@ -7147,62 +6702,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.18
-
-
-- Core
-
- - (is_callable() lies for abstract static method).
- - (Segfault while load extension failed in zts-build).
- - (Notice: could not be converted to int when comparing some builtin classes).
- - (Shutdown functions not called in certain error situation).
- - (exception threw in __autoload can not be catched).
- - (custom error handler throwing Exception + fatal error = no shutdown function).
-
-
-
-
-- cURL
-
- - (file_get_contents a remote file by Curl wrapper will cause cpu Soaring).
-
-
-
-
-- FPM
-
- - (startup problems fpm / php-fpm).
- - (PHP-FPM may segfault/hang on startup).
- - (Systemd integration and daemonize).
- - (Unneccesary warnings on FPM).
- - (Only /status?plain&full gives "last request cpu").
- - (Add PID to php-fpm init.d script).
-
-
-
-
-- Intl
-
- - (defective cloning in several intl classes).
-
-
-
-
-- SOAP
-
- - (SOAP Error when trying to submit 2nd Element of a choice).
-
-
-
-
-- SPL
-
- - (Assigning to ArrayObject[null][something] overrides all undefined variables).
-
-
-
-
Version 5.4.7
@@ -7308,78 +6807,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.17
-
-
-- Core
-
- - Fixed bug (segfault while build with zts and GOTO vm-kind)
- - (Only one directive is loaded from "Per Directory Values" Windows registry)
- - (register_shutdown_function and extending class)
- - (dangling pointers made by zend_disable_class)
- - (munmap() is called with the incorrect length)
- - (php binaries installed as binary.dSYM)
-
-
-
-
-- CURL
-
- - (curl_copy_handle segfault with CURLOPT_FILE)
-
-
-
-
-- DateTime
-
- - (Unserialize invalid DateTime causes crash)
-
-
-
-
-- Intl
-
- - Fix null pointer dereferences in some classes of ext/intl
-
-
-
-
-- MySQLnd
-
- - (mysqli_poll - Segmentation fault)
-
-
-
-
-- PDO
-
- - (Wrong return datatype in PDO::inTransaction())
-
-
-
-
-- Session
-
- - Fixed bug (segfault due to retval is not initialized)
-
-
-
-
-- SPL
-
- - (Crash when cloning an object which inherits SplFixedArray)
-
-
-
-
-- Enchant
-
- - (enchant_dict_quick_check() destroys zval, but fails to initialize it)
-
-
-
-
Version 5.4.6
@@ -7479,71 +6906,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.16
-
-
-- Core
-
- - (register_shutdown_function and extending class).
- - (dangling pointers made by zend_disable_class).
- - (munmap() is called with the incorrect length).
- - (php binaries installed as binary.dSYM).
- - (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php).
-
-
-
-
-- CURL
-
- - (curl_copy_handle segfault with CURLOPT_FILE).
- - (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
-
-
-
-
-- DateTime
-
- - (Segfault in DateInterval class when extended).
-
-
-
-
-- Enchant
-
- - (enchant_dict_quick_check() destroys zval, but fails to initialize it).
-
-
-
-
-- PDO
-
- - (Wrong return datatype in PDO::inTransaction()).
-
-
-
-
-- Reflection
-
- - (ReflectionParameter::isDefaultValueAvailable() wrong result).
-
-
-
-
-- Session
-
- - Fixed bug (segfault due to retval is not initialized).
-
-
-
-
-- SPL
-
- - (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).
-
-
-
-
Version 5.4.5
@@ -7668,116 +7030,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.15
-
-
-- Zend Engine
-
- - (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
-
-
-
-
-- COM
-
- - com_dotnet cannot be built shared
-
-
-
-
-- Core
-
- - Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
- - (ReflectionMethod random corrupt memory on high concurrent)
- - (Crypt SHA256/512 Segfaults With Malformed Salt)
-
-
-
-
-- Fileinfo
-
- - Fixed magic file regex support
-
-
-
-
-- FPM
-
- - (fpm don't send error log to fastcgi clients)
- - (php-fpm is not allowed to run as root)
- - (php-fpm should not fail with commented 'user' for non-root start)
- - (FPM pools can listen on the same address)
- - (php-fpm exits with status 0 on some failures to start)
- - (when using unix sockets, multiples FPM instances can be launched without errors)
- - (Add process.priority to set nice(2) priorities)
- - (FPM drops connection while receiving some binary values in FastCGI requests)
- - (php-fpm segfaults (null passed to strstr))
-
-
-
-
-- Intl
-
- - (grapheme_extract() memory leaks)
- - (IntlDateFormatter constructor leaks memory when called twice)
- - (Collator::getSortKey() returns garbage)
- - (datefmt_create with incorrectly encoded timezone leaks pattern)
- - (memory leak in IntlDateFormatter constructor)
-
-
-
-
-
-
-- Phar
-
- - (Invalid phar stream path causes crash)
-
-
-
-
-- Reflection
-
- - (Attempting to invoke a Closure more than once causes segfault)
- - (ReflectionParameter::getDefaultValue() memory leaks with constant)
-
-
-
-
-- SPL
-
- - (RecursiveArrayIterator does not implement Countable)
-
-
-
-
-- SQLite
-
- - Fixed open_basedir bypass, CVE-2012-3365
-
-
-
-
-- XML Write
-
- - (memory leak in the XML Writer module)
-
-
-
-
-- Zip
-
- - Upgraded libzip to 0.10
-
-
-
-
Version 5.4.4
@@ -7904,95 +7156,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.14
-
-
-- CLI SAPI
-
- - (functions related to current script failed when chdir() in cli sapi)
-
-
-
-
-- Core
-
- - Fixed CVE-2012-2143
- - (unexpected behavior when incrementally assigning to a member of a null object)
- - (Segfault from array_walk modifying an array passed by reference)
- - Fixed missing bound check in iptcparse()
- - ('I' unpacks n as signed if n > 2^31-1 on LP64)
- - ([PATH=] sections incompatibility with user_ini.filename set to null)
- - (Logic error in charset detection for htmlentities)
- - (long overflow in realpath_cache_get())
- - Changed php://fd to be available only for CLI.
-
-
-
-
-- CURL
-
- - (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
-
-
-
-
-- COM
-
- - com_dotnet cannot be built shared
-
-
-
-
-- Fileinfo
-
- - (Uninitialised value used in libmagic)
-
-
-
-
-
-
-- Intl
-
- - (Memory corruption in internal function get_icu_disp_value_src_php()
-
-
-
-
-- JSON
-
- - (json_encode() incorrectly truncates/discards information)
-
-
-
-
-- PDO
-
- - (A parsing bug in the prepared statements can lead to access violations). (CVE-2012-3450)
-
-
-
-
-- Phar
-
-- (Secunia SA44335) (CVE-2012-2386)
-
-
-
-
-- Streams
-
- - (file_get_contents leaks when access empty file with maxlen set)
-
-
-
-
Version 5.4.3
@@ -8003,15 +7166,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.13
-
-
-
- - Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
-
-
-
Version 5.4.2
@@ -8021,14 +7175,7 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.12
-
-
- - Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
-
-
Version 5.4.1
@@ -8103,246 +7250,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.3.11
-
-
-
-- Core
-
- - (ini parser crashes when using ${xxxx} ini variables
- (without apache2)).
- - (call_user_func_array with more than 16333 arguments
- leaks / crashes).
- - (Segfault - strip_tags()).
- - (Incorect lexing of 0x00*+<NUM>).
- - (Memory leak in parse_ini_file when specifying
- invalid scanner mode).
- - (Memory leak when restoring an exception handler).
- - (array_fill leaks if start index is PHP_INT_MAX).
- - (Exceeding max nesting level doesn't delete numerical
- vars).
- - (Possible invalid handler usage in windows random
- functions).
- - (Segfault when running symfony 2 tests).
- - (strpbrk() mishandles NUL byte).
- - (Nullbyte truncates Exception $message).
- - (header() cannot detect the multi-line header with CR).
- - (time_nanosleep() does validate input params).
- - (Insufficient validating of upload name leading to
- corrupted $_FILES indices). (CVE-2012-1172).
- - (array_walk_recursive crashes if third param of the
- function is by reference).
- - Improve performance of set_exception_handler while doing reset.
- - (Include fails with toplevel symlink to /).
-
-
-
-
-- DOM
-
- - Added debug info handler to DOM objects.
-
-
-
-
-- FPM
-
- - (Transposed memset() params in sapi/fpm/fpm/fpm_shm.)
- - (php-fpm compilation problem).
-
-
-
-
-- Fileinfo
-
- - Upgraded libmagic to 5.
- - where php_stream_open_wrapper_ex tries to open a
- directory descriptor under windows.
- - failure caused by the posix lseek and read versions
- under windows in cdf_read().
- - (Unable to detect error from finfo constructor).
-
-
-
-
-- Firebird Database extension (ibase)
-
- - (ibase_trans() gives segfault when passing params).
-
-
-
-
-- Ibase
-
- - (Segmentation fault while executing ibase_db_info).
-
-
-
-
-- Installation
-
- - (Add Apache 2.4 support).
-
-
-
-
-- mysqli
-
- - (mysql_stat() require a valid connection).
-
-
-
-
-- PDO_mysql
-
- - (PDO::nextRowset() after a multi-statement query doesn't
- always work).
- - (PDO should export compression flag with myslqnd).
-
-
-
-
-- PDO_odbc
-
- - (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO).
-
-
-
-
-- PDO_pgsql
-
- - (pdo_pgsql's PDO::exec() returns the number of SELECTed
- rows on postgresql >= 9).
-
-
-
-
-- PDO_Sqlite extension
-
- - Add createCollation support.
-
-
-
-
-- pgsql
-
- - (Compile problem with libpq (PostgreSQL 7.3 or less).
-
-
-
-
-- Phar
-
- - (Phar::webPhar() generates headers with trailing NUL
- bytes).
-
-
-
-
-- Readline
-
- - (Memory leak in readline_callback_handler_install).
- - Add open_basedir checks to readline_write_history and readline_read_history.
-
-
-
-
-- Reflection
-
- - (ReflectionObject:getProperties() issues invalid reads
- when get_properties returns a hash table with (inaccessible) dynamic
- numeric properties).
- - (Late static binding doesn't work with
- ReflectionMethod::invokeArgs()).
-
-
-
-
-- Session
-
- - (session.save_handler=user without defined function core
- dumps).
- - (Segmentation fault when trying to die() in
- SessionHandler::write()).
-
-
-
-
-- SOAP
-
- - (gzip compression fails).
- - (SoapClient ignores user_agent option and sends no
- User-Agent header).
- - , (Chunked response parsing error when
- chunksize length line is > 10 bytes).
- - (Soap Client stream context header option ignored).
-
-
-
-
-- SPL
-
- - Fixed memory leak when calling SplFileInfo's constructor twice.
- - (Segmentation fault when DirectoryIterator's or
- FilesystemIterator's iterators are requested more than once without
- having had its dtor callback called in between).
- - (inconsistent isset behavior of Arrayobject).
- - (ArrayObject comparison).
-
-
-
-
-- SQLite3 extension
-
- - Add createCollation() method.
-
-
-
-
-- Streams
-
- - (stream_context_create() causes memory leaks on use
- streams_socket_create).
- - (Wrappers opened with errors concurrency problem on ZTS).
- - (stream related segfault on fatal error in
- php_stream_context_link).
- - (stream_get_line() reads from stream even when there is
- already sufficient data buffered). stream_get_line() now behaves more like
- fgets(), as is documented.
- - Further fix for bug (stream_get_line misbehaves if EOF is not
- detected together with the last read).
- - (stream_socket_server silently truncates long unix
- socket paths).
-
-
-
-
-- Tidy
-
- - (tidy null pointer dereference).
-
-
-
-
-- XMLRPC
-
- - (xmlrpc_parse_method_descriptions leaks temporary
- variable).
- - (Memory leak in xmlrpc functions copying zvals).
-
-
-
-
-- Zlib
-
- - (initialization of global inappropriate for ZTS).
- - (A particular string fails to decompress).
- - (gzopen leaks when specifying invalid mode).
-
-
-
-
Version 5.4.0
@@ -8983,6 +7890,1107 @@ FILTER_FLAG_NO_PRIV_RANGE).
+
+
+Version 5.3.29
+
+- Core:
+
+ - (Segmentation fault with ArrayObject unset).
+ - (spl_fixedarray_resize integer overflow).
+ - (printf out-of-bounds read).
+ - (iptcparse out-of-bounds read).
+ - (convert_uudecode out-of-bounds read).
+ - (Segfault in recursiveDirectoryIterator).
+ - (insecure temporary file use in the configure script). (CVE-2014-3981)
+ - (putenv with empty variable may lead to crash).
+ - (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
+ - (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
+
+
+COM:
+
+ - Fixed missing type checks in com_event_sink.
+
+Date:
+
+ - (Heap buffer over-read in DateInterval). (CVE-2013-6712)
+ - (date_parse_from_format out-of-bounds read).
+ - (timelib_meridian_with_check out-of-bounds read).
+
+Exif:
+
+ - (Integer overflow in exif_read_data()).
+
+Fileinfo:
+
+ - (Fileinfo crashes with powerpoint files).
+ - (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
+ - (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
+ - (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
+ - (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).
+ - (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).
+ - (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).
+ - (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).
+
+Intl:
+
+ - (Locale::parseLocale Double Free).
+ - (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
+
+Network:
+
+ - (Fix potential segfault in dns_get_record()). (CVE-2014-4049)
+
+OpenSSL:
+
+ - Fixed missing type checks in OpenSSL options.
+
+Session:
+
+ - Fixed missing type checks in php_session_create_id.
+
+
+
+
+
+Version 5.3.28
+
+- Openssl:
+
+ - Fixed handling null bytes in subjectAltName (CVE-2013-4248).
+ - Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
+
+
+
+
+
+Version 5.3.27
+
+- Core:
+
+ - (segfault in zend_do_fcall_common_helper_SPEC).
+ - (Segfault in gc_zval_possible_root).
+ - (Apache2 TS crash with get_browser()).
+ - (compile failure on netbsd).
+
+- DateTime:
+
+ - (Crash when using unserialized DatePeriod instance).
+
+- PDO_firebird:
+
+ - (Firebird return wrong value for numeric field).
+ - (Cannot insert second row with null using parametrized query).
+
+- PDO_pgsql:
+
+ - (Buffer overflow in _pdo_pgsql_error).
+
+- pgsql:
+
+ - (pg_convert enum type support).
+
+- SPL:
+
+ - (Segfault while using RecursiveIteratorIterator on 64-bits systems).
+
+- XML:
+
+ - (heap corruption in xml parser). (CVE-2013-4113)
+
+
+
+
+
+Version 5.3.26
+
+
+- Core:
+
+ - (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110).
+
+
+- Calendar:
+
+ - (Integer overflow in SndToJewish).
+
+
+- FPM:
+
+ - Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
+ - Log a warning when a syscall fails.
+
+
+- MySQLi:
+
+ - (Segfault when calling fetch_object on a use_result and DB pointer has closed).
+
+
+- Phar:
+
+ - (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
+
+
+- Streams:
+
+ - (stream_select() fails with pipes returned by proc_open() on Windows x64).
+
+
+- Zend Engine:
+
+ - (Custom Exception crash when internal properties overridden).
+
+
+
+
+
+
+Version 5.3.25
+
+
+- Core:
+
+ - (debug_backtrace in set_error_handler corrupts zend heap: segfault).
+ - (dns_get_record result with string of length -1).
+ - (fd leak on Solaris).
+ - (fd leak on Solaris).
+
+- Streams:
+
+ - Fixed Windows x64 version of stream_socket_pair() and improved error handling.
+
+- Zip:
+
+ - (ZipArchive::addFile() has to check for file existence).
+
+
+
+
+
+Version 5.3.24
+
+
+- Core:
+
+ - (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
+ - (zend_do_fcall_common_helper_SPEC does not handle exceptions properly).
+ - (Show class_alias In get_declared_classes()).
+
+
+- PCRE:
+
+
+- mysqlnd:
+
+ - (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind).
+
+
+- DateTime:
+
+ - (Unserialize Invalid Date causes crash).
+
+
+- Zip:
+
+ - (Zip crash intermittently).
+
+
+
+
+
+Version 5.3.23
+
+
+- Phar:
+
+ - Fixed timestamp update on Phar contents modification.
+
+- SOAP
+
+ - Added check that soap.wsdl_cache_dir conforms to open_basedir
+ (CVE-2013-1635).
+ - Disabled external entities loading (CVE-2013-1643, CVE-2013-1824).
+
+- SPL:
+
+ - (SPLFixedArray toArray problem).
+ - (RecursiveDirectoryIterator always assumes SKIP_DOTS).
+ - (Segfault on SplFixedArray[][x] = y when extended).
+ - (unset fails with ArrayObject and deep arrays).
+
+
+
+
+
+Version 5.3.22
+
+
+- Zend Engine:
+
+ - (Wrong TSRM usage in zend_Register_class alias).
+ - (Use after scope error in zend_compile).
+
+
+
+
+- Core:
+
+ - (Bad warning text from strpos() on empty needle).
+
+
+
+
+- Date:
+
+ - (comparsion of incomplete DateTime causes SIGSEGV).
+
+
+
+
+- FPM:
+
+ - (php with fpm fails to build on Solaris 10 or 11).
+
+
+
+
+- SPL:
+
+ - (Segfault on SplFixedArray[][x] = y when extended).
+
+
+
+
+
+Version 5.3.21
+
+
+- Zend Engine:
+
+ - (Sigsegv when Exception::$trace is changed by user).
+
+
+
+
+- cURL extension:
+
+ - Fixed bug (segfault due to libcurl connection caching).
+ - (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST).
+ - (Can't enable hostname validation when using curl stream wrappers).
+ - (Curlwapper is not sending http header randomly).
+
+
+
+
+
+Version 5.3.20
+
+
+- Zend Engine:
+
+ - (Segfault in gc_collect_cycles).
+ - (parse_ini_file() with INI_SCANNER_RAW removes quotes from value).
+ - (wrong called method as callback with inheritance).
+
+
+
+
+- Core:
+
+ - (config.guess file does not have AIX 7 defined, shared objects are not created).
+ - (Segfault on output buffer).
+
+
+
+
+- Apache2 Handler SAPI:
+
+ - Enabled Apache 2.4 configure option for Windows.
+
+
+
+
+- Date:
+
+ - (Datetime::format('u') sometimes wrong by 1 microsecond).
+
+
+
+
+- Fileinfo:
+
+ - (Load multiple magic files from a directory under Windows).
+ - (Different results in TS and NTS under Windows).
+
+
+
+
+- FPM:
+
+ - (Possible null dereference and buffer overflow).
+
+
+
+
+- Imap:
+
+ - (DISABLE_AUTHENTICATOR ignores array).
+
+
+
+
+- MySQLnd:
+
+ - (Segfault when polling closed link).
+
+
+
+
+- Reflection:
+
+ - (Fatal error on Reflection).
+
+
+
+
+- SOAP:
+
+ - (SOAP wsdl cache is not enabled after initial requests).
+
+
+
+
+
+
+Version 5.3.19
+
+
+- Core:
+
+ - (PHP fails to open Windows deduplicated files).
+ - (Handle leak in is_readable on windows).
+
+
+
+
+- Libxml:
+
+ - (Missing context check on libxml_set_streams_context() causes memleak).
+
+
+
+
+- Mbstring:
+
+ - (max_input_vars doesn't filter variables when
+ mbstring.encoding_translation = On).
+
+
+
+
+- MySQL:
+
+ - Fixed compilation failure on mixed 32/64 bit systems.
+
+
+
+
+- OCI8:
+
+ - (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
+
+
+
+
+- PCRE:
+
+ - (Segfault in zend_gc with SF2 testsuite).
+ - (Upgrade PCRE to 8.31).
+
+
+
+
+- PDO:
+
+ - (buffer overflow in use of SQLGetDiagRec).
+
+
+
+
+- PDO_pgsql:
+
+ - (Emulate prepares behave strangely with PARAM_BOOL).
+
+
+
+
+- Phar:
+
+ - (Phar fails to write an openssl based signature).
+
+
+
+
+- Streams:
+
+ - (stream_get_line() return contains delimiter string).
+
+
+
+
+
+Version 5.3.18
+
+
+- Core
+
+ - (is_callable() lies for abstract static method).
+ - (Segfault while load extension failed in zts-build).
+ - (Notice: could not be converted to int when comparing some builtin classes).
+ - (Shutdown functions not called in certain error situation).
+ - (exception threw in __autoload can not be catched).
+ - (custom error handler throwing Exception + fatal error = no shutdown function).
+
+
+
+
+- cURL
+
+ - (file_get_contents a remote file by Curl wrapper will cause cpu Soaring).
+
+
+
+
+- FPM
+
+ - (startup problems fpm / php-fpm).
+ - (PHP-FPM may segfault/hang on startup).
+ - (Systemd integration and daemonize).
+ - (Unneccesary warnings on FPM).
+ - (Only /status?plain&full gives "last request cpu").
+ - (Add PID to php-fpm init.d script).
+
+
+
+
+- Intl
+
+ - (defective cloning in several intl classes).
+
+
+
+
+- SOAP
+
+ - (SOAP Error when trying to submit 2nd Element of a choice).
+
+
+
+
+- SPL
+
+ - (Assigning to ArrayObject[null][something] overrides all undefined variables).
+
+
+
+
+
+Version 5.3.17
+
+
+- Core
+
+ - Fixed bug (segfault while build with zts and GOTO vm-kind)
+ - (Only one directive is loaded from "Per Directory Values" Windows registry)
+ - (register_shutdown_function and extending class)
+ - (dangling pointers made by zend_disable_class)
+ - (munmap() is called with the incorrect length)
+ - (php binaries installed as binary.dSYM)
+
+
+
+
+- CURL
+
+ - (curl_copy_handle segfault with CURLOPT_FILE)
+
+
+
+
+- DateTime
+
+ - (Unserialize invalid DateTime causes crash)
+
+
+
+
+- Intl
+
+ - Fix null pointer dereferences in some classes of ext/intl
+
+
+
+
+- MySQLnd
+
+ - (mysqli_poll - Segmentation fault)
+
+
+
+
+- PDO
+
+ - (Wrong return datatype in PDO::inTransaction())
+
+
+
+
+- Session
+
+ - Fixed bug (segfault due to retval is not initialized)
+
+
+
+
+- SPL
+
+ - (Crash when cloning an object which inherits SplFixedArray)
+
+
+
+
+- Enchant
+
+ - (enchant_dict_quick_check() destroys zval, but fails to initialize it)
+
+
+
+
+
+Version 5.3.16
+
+
+- Core
+
+ - (register_shutdown_function and extending class).
+ - (dangling pointers made by zend_disable_class).
+ - (munmap() is called with the incorrect length).
+ - (php binaries installed as binary.dSYM).
+ - (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php).
+
+
+
+
+- CURL
+
+ - (curl_copy_handle segfault with CURLOPT_FILE).
+ - (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
+
+
+
+
+- DateTime
+
+ - (Segfault in DateInterval class when extended).
+
+
+
+
+- Enchant
+
+ - (enchant_dict_quick_check() destroys zval, but fails to initialize it).
+
+
+
+
+- PDO
+
+ - (Wrong return datatype in PDO::inTransaction()).
+
+
+
+
+- Reflection
+
+ - (ReflectionParameter::isDefaultValueAvailable() wrong result).
+
+
+
+
+- Session
+
+ - Fixed bug (segfault due to retval is not initialized).
+
+
+
+
+- SPL
+
+ - (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).
+
+
+
+
+
+Version 5.3.15
+
+
+- Zend Engine
+
+ - (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)
+
+
+
+
+- COM
+
+ - com_dotnet cannot be built shared
+
+
+
+
+- Core
+
+ - Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
+ - (ReflectionMethod random corrupt memory on high concurrent)
+ - (Crypt SHA256/512 Segfaults With Malformed Salt)
+
+
+
+
+- Fileinfo
+
+ - Fixed magic file regex support
+
+
+
+
+- FPM
+
+ - (fpm don't send error log to fastcgi clients)
+ - (php-fpm is not allowed to run as root)
+ - (php-fpm should not fail with commented 'user' for non-root start)
+ - (FPM pools can listen on the same address)
+ - (php-fpm exits with status 0 on some failures to start)
+ - (when using unix sockets, multiples FPM instances can be launched without errors)
+ - (Add process.priority to set nice(2) priorities)
+ - (FPM drops connection while receiving some binary values in FastCGI requests)
+ - (php-fpm segfaults (null passed to strstr))
+
+
+
+
+- Intl
+
+ - (grapheme_extract() memory leaks)
+ - (IntlDateFormatter constructor leaks memory when called twice)
+ - (Collator::getSortKey() returns garbage)
+ - (datefmt_create with incorrectly encoded timezone leaks pattern)
+ - (memory leak in IntlDateFormatter constructor)
+
+
+
+
+
+
+- Phar
+
+ - (Invalid phar stream path causes crash)
+
+
+
+
+- Reflection
+
+ - (Attempting to invoke a Closure more than once causes segfault)
+ - (ReflectionParameter::getDefaultValue() memory leaks with constant)
+
+
+
+
+- SPL
+
+ - (RecursiveArrayIterator does not implement Countable)
+
+
+
+
+- SQLite
+
+ - Fixed open_basedir bypass, CVE-2012-3365
+
+
+
+
+- XML Write
+
+ - (memory leak in the XML Writer module)
+
+
+
+
+- Zip
+
+ - Upgraded libzip to 0.10
+
+
+
+
+
+Version 5.3.14
+
+
+- CLI SAPI
+
+ - (functions related to current script failed when chdir() in cli sapi)
+
+
+
+
+- Core
+
+ - Fixed CVE-2012-2143
+ - (unexpected behavior when incrementally assigning to a member of a null object)
+ - (Segfault from array_walk modifying an array passed by reference)
+ - Fixed missing bound check in iptcparse()
+ - ('I' unpacks n as signed if n > 2^31-1 on LP64)
+ - ([PATH=] sections incompatibility with user_ini.filename set to null)
+ - (Logic error in charset detection for htmlentities)
+ - (long overflow in realpath_cache_get())
+ - Changed php://fd to be available only for CLI.
+
+
+
+
+- CURL
+
+ - (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
+
+
+
+
+- COM
+
+ - com_dotnet cannot be built shared
+
+
+
+
+- Fileinfo
+
+ - (Uninitialised value used in libmagic)
+
+
+
+
+
+
+- Intl
+
+ - (Memory corruption in internal function get_icu_disp_value_src_php()
+
+
+
+
+- JSON
+
+ - (json_encode() incorrectly truncates/discards information)
+
+
+
+
+- PDO
+
+ - (A parsing bug in the prepared statements can lead to access violations). (CVE-2012-3450)
+
+
+
+
+- Phar
+
+- (Secunia SA44335) (CVE-2012-2386)
+
+
+
+
+- Streams
+
+ - (file_get_contents leaks when access empty file with maxlen set)
+
+
+
+
+
+Version 5.3.13
+
+
+
+ - Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
+
+
+
+
+Version 5.3.12
+
+
+
+ - Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
+
+
+
+
+Version 5.3.11
+
+
+
+- Core
+
+ - (ini parser crashes when using ${xxxx} ini variables
+ (without apache2)).
+ - (call_user_func_array with more than 16333 arguments
+ leaks / crashes).
+ - (Segfault - strip_tags()).
+ - (Incorect lexing of 0x00*+<NUM>).
+ - (Memory leak in parse_ini_file when specifying
+ invalid scanner mode).
+ - (Memory leak when restoring an exception handler).
+ - (array_fill leaks if start index is PHP_INT_MAX).
+ - (Exceeding max nesting level doesn't delete numerical
+ vars).
+ - (Possible invalid handler usage in windows random
+ functions).
+ - (Segfault when running symfony 2 tests).
+ - (strpbrk() mishandles NUL byte).
+ - (Nullbyte truncates Exception $message).
+ - (header() cannot detect the multi-line header with CR).
+ - (time_nanosleep() does validate input params).
+ - (Insufficient validating of upload name leading to
+ corrupted $_FILES indices). (CVE-2012-1172).
+ - (array_walk_recursive crashes if third param of the
+ function is by reference).
+ - Improve performance of set_exception_handler while doing reset.
+ - (Include fails with toplevel symlink to /).
+
+
+
+
+- DOM
+
+ - Added debug info handler to DOM objects.
+
+
+
+
+- FPM
+
+ - (Transposed memset() params in sapi/fpm/fpm/fpm_shm.)
+ - (php-fpm compilation problem).
+
+
+
+
+- Fileinfo
+
+ - Upgraded libmagic to 5.
+ - where php_stream_open_wrapper_ex tries to open a
+ directory descriptor under windows.
+ - failure caused by the posix lseek and read versions
+ under windows in cdf_read().
+ - (Unable to detect error from finfo constructor).
+
+
+
+
+- Firebird Database extension (ibase)
+
+ - (ibase_trans() gives segfault when passing params).
+
+
+
+
+- Ibase
+
+ - (Segmentation fault while executing ibase_db_info).
+
+
+
+
+- Installation
+
+ - (Add Apache 2.4 support).
+
+
+
+
+- mysqli
+
+ - (mysql_stat() require a valid connection).
+
+
+
+
+- PDO_mysql
+
+ - (PDO::nextRowset() after a multi-statement query doesn't
+ always work).
+ - (PDO should export compression flag with myslqnd).
+
+
+
+
+- PDO_odbc
+
+ - (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO).
+
+
+
+
+- PDO_pgsql
+
+ - (pdo_pgsql's PDO::exec() returns the number of SELECTed
+ rows on postgresql >= 9).
+
+
+
+
+- PDO_Sqlite extension
+
+ - Add createCollation support.
+
+
+
+
+- pgsql
+
+ - (Compile problem with libpq (PostgreSQL 7.3 or less).
+
+
+
+
+- Phar
+
+ - (Phar::webPhar() generates headers with trailing NUL
+ bytes).
+
+
+
+
+- Readline
+
+ - (Memory leak in readline_callback_handler_install).
+ - Add open_basedir checks to readline_write_history and readline_read_history.
+
+
+
+
+- Reflection
+
+ - (ReflectionObject:getProperties() issues invalid reads
+ when get_properties returns a hash table with (inaccessible) dynamic
+ numeric properties).
+ - (Late static binding doesn't work with
+ ReflectionMethod::invokeArgs()).
+
+
+
+
+- Session
+
+ - (session.save_handler=user without defined function core
+ dumps).
+ - (Segmentation fault when trying to die() in
+ SessionHandler::write()).
+
+
+
+
+- SOAP
+
+ - (gzip compression fails).
+ - (SoapClient ignores user_agent option and sends no
+ User-Agent header).
+ - , (Chunked response parsing error when
+ chunksize length line is > 10 bytes).
+ - (Soap Client stream context header option ignored).
+
+
+
+
+- SPL
+
+ - Fixed memory leak when calling SplFileInfo's constructor twice.
+ - (Segmentation fault when DirectoryIterator's or
+ FilesystemIterator's iterators are requested more than once without
+ having had its dtor callback called in between).
+ - (inconsistent isset behavior of Arrayobject).
+ - (ArrayObject comparison).
+
+
+
+
+- SQLite3 extension
+
+ - Add createCollation() method.
+
+
+
+
+- Streams
+
+ - (stream_context_create() causes memory leaks on use
+ streams_socket_create).
+ - (Wrappers opened with errors concurrency problem on ZTS).
+ - (stream related segfault on fatal error in
+ php_stream_context_link).
+ - (stream_get_line() reads from stream even when there is
+ already sufficient data buffered). stream_get_line() now behaves more like
+ fgets(), as is documented.
+ - Further fix for bug (stream_get_line misbehaves if EOF is not
+ detected together with the last read).
+ - (stream_socket_server silently truncates long unix
+ socket paths).
+
+
+
+
+- Tidy
+
+ - (tidy null pointer dereference).
+
+
+
+
+- XMLRPC
+
+ - (xmlrpc_parse_method_descriptions leaks temporary
+ variable).
+ - (Memory leak in xmlrpc functions copying zvals).
+
+
+
+
+- Zlib
+
+ - (initialization of global inappropriate for ZTS).
+ - (A particular string fails to decompress).
+ - (gzopen leaks when specifying invalid mode).
+
+
+
+
Version 5.3.10
@@ -9938,29 +9946,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.2.17
-
-
-
-- (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) (Rasmus, Scott)
-
-
-
-
-
-
-Version 5.2.16
-
-
-
-- (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
-- (Regression in open_basedir handling). (Ilia)
-
-
-
-
-
Version 5.3.4
@@ -10408,34 +10393,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.2.15
-
-
-
-- Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com)
-- Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre)
-- Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia)
-- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
-- Fixed possible crash in mssql_fetch_batch(). (Kalle)
-- Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz)
-
-- (fix crash if anti-aliasing steps are invalid). (Pierre)
-- (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com)
-- (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (CVE-2010-3709). (Adam)
-- (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
-- (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo)
-- (pdo_dblib segmentation fault when iterating MONEY values). (Felipe, Adam)
-- (Compile error if systems do not have stdint.h) (Sriram Natarajan)
-- (mysqli_report() should be per-request setting). (Kalle)
-- (Zend/tests/bug45877.phpt fails). (Dmitry)
-- (array_diff() takes over 3000 times longer than php 5.2.4). (Felipe)
-- (RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry)
-
-
-
-
-
Version 5.3.3
@@ -10619,93 +10576,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.2.14
-
-
-- Reverted bug fix (PDO fetchObject sets values before calling constructor). (Felipe)
-
-
-- Updated timezone database to version 2010.5. (Derick)
-- Upgraded bundled PCRE to version 8.02. (Ilia)
-
-
-- Rewrote var_export() to use smart_str rather than output buffering, revents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
-- Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe)
-- Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
-- Fixed a possible memory corruption in substr_replace() (Dmitry)
-- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
-- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia)
-- Reset error state in PDO::beginTransaction() reset error state. (Ilia)
-- Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug ). (Raphael Geissert)
-- Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia)
-- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia)
-- Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe)
-
-
-- (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam)
-- (Crash when an Exception occured in iterator_to_array). (Johannes)
-- (Crash when passing the reference of the property of a non-object). (Dmitry)
-- (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe)
-- (custom request header variables with numbers are removed). (Sriram Natarajan)
-- (Invalid E_STRICT redefined constructor error). (Felipe)
-- (memory_limit above 2G). (Felipe)
-- (Memory leak when writing on uninitialized variable returned from function). (Dmitry)
-- (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle)
-- (make lcov doesn't support TESTS variable anymore). (Patrick)
-- (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe)
-- (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com)
-- (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe)
-- (ReflectionParameter fails if default value is an array with an access to self::). (Felipe)
-- (Segfault with strange __destruct() for static class variables). (Dmitry)
-- (imagefill does not work correctly for small images). (Pierre)
-- (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick)
-- (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre)
-- (PDO PGSQL still broken against PostGreSQL <7.4). (Felipe, wdierkes at 5dollarwhitebox dot org)
-- (PHP crash with wrong HTML in SimpleXML). (Felipe)
-- (pg_copy_to: Invalid results when using fourth parameter). (Felipe)
-- (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com)
-- (pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com)
-- (newline in end of header is shown in start of message). (Daniel Egeberg)
-- (query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com)
-- (debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry)
-- (Wrong prototype for SplFileObject::fscanf()). (Etienne)
-- (var_dump() invalid/slow *RECURSION* detection). (Felipe)
-- (DateTime::createFromFormat() fails if format string contains timezone). (Adam)
-- (Wrongly initialized object properties). (Etienne)
-- (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com)
-- (Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl)
-- (zlib.output_compression Overwrites Vary Header). (Adam)
-- (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe)
-- (milter SAPI crash on startup). (igmar at palsenberg dot com)
-- (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com)
-- (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws).
-- (ftp_put() returns false when transfer was successful). (Ilia)
-- (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan)
-- (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia)
-- (imagefill() doesn't work with large images). (Pierre)
-- (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
-- (DBA DB4 uses mismatched headers and libraries). (Chris Jones)
-- (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert)
-- (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com)
-- (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing)
-- (Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe)
-- (Firebird - new PDO() returns NULL). (Felipe)
-- (LimitIterator with empty SeekableIterator). (Etienne)
-- (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
-- (PDO returns null when SQLite connection fails). (Felipe)
-- (Linking fails for iconv). (Moriyosh)
-- (xpath() returns FALSE for legitimate query). (Rob)
-- (iconv_mime_encode() quoted-printable scheme is broken).
- (Adam, patch from hiroaki dot kawai at gmail dot com).
-- (iconv_mime_encode(), broken Q scheme). (Rasmus)
-- (getimagesize() fails to detect width/height on certain
- JPEGs). (Ilia)
-- (syslog() truncates messages). (Adam)
-
-
-
-
Version 5.3.2
@@ -10869,70 +10739,6 @@ FILTER_FLAG_NO_PRIV_RANGE).
-
-Version 5.2.13
-
-
-- Security Fixes
-
- - Improved LCG entropy. (Rasmus, Samy Kamkar)
- - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- - Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
-
-
-
-- Updated timezone database to version 2010.2. (Derick)
-- Upgraded bundled PCRE to version 7.9. (Ilia)
-
-- Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia)
-
-- Changed tidyNode class to disallow manual node creation. (Pierrick)
-
-- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia)
-
-- Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe)
-- Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)
-
-- (Custom content-length set incorrectly in Apache sapis). (Brian France, Rasmus)
-- (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick)
-- (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de)
-- (strip_tags() removes all tags greater then 1023 bytes long). (Ilia)
-- (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani)
-- (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe)
-- (Compile failure: Bad logic in defining fopencookie emulation). (Jani)
-- (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia)
-- (mysqli constructor without parameters does not return a working mysqli object). (Andrey)
-- (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia)
-- (exec() adds single byte twice to $output array). (Ilia)
-- (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia)
-- (Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes)
-- (strtotime() does not support eighth ordinal number). (Ilia)
-- (DOMDocument::loadXML does not allow UTF-16). (Rob)
-- (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia)
-- (MySQLi_Result sets values before calling constructor). (Pierrick)
-- (filter_input() does not return default value if the variable does not exist). (Ilia)
-- (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
-- (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo)
-- (Broken object model when extending tidy). (Pierrick)
-- (Crash while running ldap_next_reference test cases). (Sriram)
-- (compile failure: Conflicting HEADER type declarations). (Jani)
-- (Reference argument converted to value in __call). (Stas)
-- (http wrapper breaks on 1024 char long headers). (Ilia)
-- (imageTTFText text shifted right). (Takeshi Abe)
-- (date_format buffer not long enough for >4 digit years). (Derick, Adam)
-- (setAttributeNS fails setting default namespace). (Rob)
-- (Implementing Iterator and IteratorAggregate). (Etienne)
-- (SoapClient does not honor max_redirects). (Sriram)
-- (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
-- (defined() requires class to exist when testing for class constants). (Ilia)
-- (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
-- (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl)
-- (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
-- (define() allows :: in constant names). (Ilia)
-
-
-
-
Version 5.3.1
@@ -11807,7 +11613,209 @@ FILTER_FLAG_NO_PRIV_RANGE).
(touch() works on files but not on directories). (Pierre)
+
+
+
+Version 5.2.17
+
+
+
+- (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) (Rasmus, Scott)
+
+
+
+
+
+
+Version 5.2.16
+
+
+
+- (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
+- (Regression in open_basedir handling). (Ilia)
+
+
+
+
+
+
+Version 5.2.15
+
+
+
+- Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com)
+- Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre)
+- Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia)
+- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
+- Fixed possible crash in mssql_fetch_batch(). (Kalle)
+- Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz)
+
+- (fix crash if anti-aliasing steps are invalid). (Pierre)
+- (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com)
+- (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (CVE-2010-3709). (Adam)
+- (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
+- (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo)
+- (pdo_dblib segmentation fault when iterating MONEY values). (Felipe, Adam)
+- (Compile error if systems do not have stdint.h) (Sriram Natarajan)
+- (mysqli_report() should be per-request setting). (Kalle)
+- (Zend/tests/bug45877.phpt fails). (Dmitry)
+- (array_diff() takes over 3000 times longer than php 5.2.4). (Felipe)
+- (RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry)
+
+
+
+
+
+
+Version 5.2.14
+
+
+- Reverted bug fix (PDO fetchObject sets values before calling constructor). (Felipe)
+
+
+- Updated timezone database to version 2010.5. (Derick)
+- Upgraded bundled PCRE to version 8.02. (Ilia)
+
+
+- Rewrote var_export() to use smart_str rather than output buffering, revents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
+- Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe)
+- Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
+- Fixed a possible memory corruption in substr_replace() (Dmitry)
+- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
+- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia)
+- Reset error state in PDO::beginTransaction() reset error state. (Ilia)
+- Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug ). (Raphael Geissert)
+- Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia)
+- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia)
+- Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe)
+
+
+- (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam)
+- (Crash when an Exception occured in iterator_to_array). (Johannes)
+- (Crash when passing the reference of the property of a non-object). (Dmitry)
+- (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe)
+- (custom request header variables with numbers are removed). (Sriram Natarajan)
+- (Invalid E_STRICT redefined constructor error). (Felipe)
+- (memory_limit above 2G). (Felipe)
+- (Memory leak when writing on uninitialized variable returned from function). (Dmitry)
+- (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle)
+- (make lcov doesn't support TESTS variable anymore). (Patrick)
+- (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe)
+- (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com)
+- (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe)
+- (ReflectionParameter fails if default value is an array with an access to self::). (Felipe)
+- (Segfault with strange __destruct() for static class variables). (Dmitry)
+- (imagefill does not work correctly for small images). (Pierre)
+- (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick)
+- (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre)
+- (PDO PGSQL still broken against PostGreSQL <7.4). (Felipe, wdierkes at 5dollarwhitebox dot org)
+- (PHP crash with wrong HTML in SimpleXML). (Felipe)
+- (pg_copy_to: Invalid results when using fourth parameter). (Felipe)
+- (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com)
+- (pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com)
+- (newline in end of header is shown in start of message). (Daniel Egeberg)
+- (query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com)
+- (debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry)
+- (Wrong prototype for SplFileObject::fscanf()). (Etienne)
+- (var_dump() invalid/slow *RECURSION* detection). (Felipe)
+- (DateTime::createFromFormat() fails if format string contains timezone). (Adam)
+- (Wrongly initialized object properties). (Etienne)
+- (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com)
+- (Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl)
+- (zlib.output_compression Overwrites Vary Header). (Adam)
+- (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe)
+- (milter SAPI crash on startup). (igmar at palsenberg dot com)
+- (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com)
+- (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws).
+- (ftp_put() returns false when transfer was successful). (Ilia)
+- (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan)
+- (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia)
+- (imagefill() doesn't work with large images). (Pierre)
+- (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
+- (DBA DB4 uses mismatched headers and libraries). (Chris Jones)
+- (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert)
+- (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com)
+- (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing)
+- (Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe)
+- (Firebird - new PDO() returns NULL). (Felipe)
+- (LimitIterator with empty SeekableIterator). (Etienne)
+- (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
+- (PDO returns null when SQLite connection fails). (Felipe)
+- (Linking fails for iconv). (Moriyosh)
+- (xpath() returns FALSE for legitimate query). (Rob)
+- (iconv_mime_encode() quoted-printable scheme is broken).
+ (Adam, patch from hiroaki dot kawai at gmail dot com).
+- (iconv_mime_encode(), broken Q scheme). (Rasmus)
+- (getimagesize() fails to detect width/height on certain
+ JPEGs). (Ilia)
+- (syslog() truncates messages). (Adam)
+
+
+
+
+
+Version 5.2.13
+
+
+- Security Fixes
+
+ - Improved LCG entropy. (Rasmus, Samy Kamkar)
+ - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
+ - Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
+
+
+
+- Updated timezone database to version 2010.2. (Derick)
+- Upgraded bundled PCRE to version 7.9. (Ilia)
+
+- Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia)
+
+- Changed tidyNode class to disallow manual node creation. (Pierrick)
+
+- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia)
+
+- Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe)
+- Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)
+
+- (Custom content-length set incorrectly in Apache sapis). (Brian France, Rasmus)
+- (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick)
+- (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de)
+- (strip_tags() removes all tags greater then 1023 bytes long). (Ilia)
+- (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani)
+- (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe)
+- (Compile failure: Bad logic in defining fopencookie emulation). (Jani)
+- (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia)
+- (mysqli constructor without parameters does not return a working mysqli object). (Andrey)
+- (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia)
+- (exec() adds single byte twice to $output array). (Ilia)
+- (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia)
+- (Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes)
+- (strtotime() does not support eighth ordinal number). (Ilia)
+- (DOMDocument::loadXML does not allow UTF-16). (Rob)
+- (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia)
+- (MySQLi_Result sets values before calling constructor). (Pierrick)
+- (filter_input() does not return default value if the variable does not exist). (Ilia)
+- (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
+- (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo)
+- (Broken object model when extending tidy). (Pierrick)
+- (Crash while running ldap_next_reference test cases). (Sriram)
+- (compile failure: Conflicting HEADER type declarations). (Jani)
+- (Reference argument converted to value in __call). (Stas)
+- (http wrapper breaks on 1024 char long headers). (Ilia)
+- (imageTTFText text shifted right). (Takeshi Abe)
+- (date_format buffer not long enough for >4 digit years). (Derick, Adam)
+- (setAttributeNS fails setting default namespace). (Rob)
+- (Implementing Iterator and IteratorAggregate). (Etienne)
+- (SoapClient does not honor max_redirects). (Sriram)
+- (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
+- (defined() requires class to exist when testing for class constants). (Ilia)
+- (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
+- (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl)
+- (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
+- (define() allows :: in constant names). (Ilia)
+
+
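Review bot: The re-added 5.2.15 section attaches `CVE-2010-3709` to two unrelated fixes: the NULL pointer dereference in ZipArchive::getArchiveComment and, a few lines below it, the filter_var FILTER_VALIDATE_EMAIL segfault. One CVE id normally identifies one flaw, so one of the two is presumably mislabelled. The text is moved verbatim from the block removed earlier in this diff, so the mistake predates the commit, but anyone mapping CVEs to fixed versions from this page would be misled, and the id on the filter_var entry should be checked against the CVE record before these lines land again. The move also carries over the typo in the 5.2.14 var_export() entry, which should read `prevents data disclosure if a fatal error occurs (CVE-2010-2531)`.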
@@ -13702,12 +13710,10 @@ FILTER_FLAG_NO_PRIV_RANGE).
(issue in php_oci_statement_fetch with more than one piecewise column) (jeff at badtz-maru dot com, Tony)
(OCI8 persistent connections misbehave when Apache process times out). (Tony)
(error selecting DOUBLE fields with PDO_ODBC). ("slaws", Wez)
-
-
-
+
Version 5.1.6
@@ -14648,6 +14654,7 @@ FILTER_FLAG_NO_PRIV_RANGE).
+
Version 5.0.5
diff --git a/ChangeLog-7.php b/ChangeLog-7.php
index b0f4b6d7a..fda53b12f 100644
--- a/ChangeLog-7.php
+++ b/ChangeLog-7.php
@@ -5,27 +5,11 @@ include_once __DIR__ . '/include/changelogs.inc';
site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("changelog.css"), "layout_span" => 12));
?>
PHP 7 ChangeLog
-
-Version 7.1.30
-
-- EXIF:
-
- - (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
-
-- GD:
-
- - (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
-
-- Iconv:
-
- - (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
-
-- SQLite:
-
- - (Bypassing open_basedir restrictions via file uris).
-
-
-
+
+7.3 | 7.2
+7.1 | 7.0
+
+
Version 7.3.6
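Review bot: The first row of the branch index added under the heading (`7.3 | 7.2`, followed by `7.1 | 7.0`) has no separator at its end, while the index this commit adds to ChangeLog-5.php ends each row with `|`. Unless the rows are split by markup that this view does not show, 7.2 and 7.1 will render side by side with nothing between them; writing `7.3 | 7.2 |` on the first row would match the PHP 5 page. The same index is now written by hand in three ChangeLog files, so a short comment above it, saying that it must be extended whenever a new branch section is added, would help whoever adds the next release branch.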
@@ -90,128 +74,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-
-Version 7.2.19
-
-- EXIF:
-
- - (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
-
-- FPM:
-
- - (php-fpm kill -USR2 not working).
- - (static.php.net doesn't work anymore).
-
-- GD:
-
- - (imageantialias($image, false); does not work).
- - (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
-
-- Iconv:
-
- - (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
-
-- JSON:
-
- - (Use after free with json serializer).
-
-- Opcache:
-
- - Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
-
-- PDO_MySQL:
-
- - (Wrong meta pdo_type for bigint on LLP64).
-
-- Reflection:
-
- - (Inconsistent reflection of Closure:::__invoke()).
-
-- Session:
-
- - (Wrong warning for session.sid_bits_per_character).
-
-- SPL:
-
- - (SplFileObject::__toString() may return array).
-
-- SQLite:
-
- - (Bypassing open_basedir restrictions via file uris).
-
-
-
-
-
-Version 7.1.29
-
-- EXIF:
-
- - (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).
-
-- Mail:
-
- - (Potential heap corruption in TSendMail()).
-
-
-
-
-
-Version 7.2.18
-
-- CLI:
-
- - (Incorrect Date header format in built-in server).
-
-- EXIF:
-
- - (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).
-
-- Interbase:
-
- - (Impossibility of creating multiple connections to Interbase with php 7.x).
-
-- Intl:
-
- - (IntlDateFormatter::create fails in strict mode if $locale = null).
-
-- litespeed:
-
- - LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().
-
-- Mail:
-
- - (Potential heap corruption in TSendMail()).
-
-- PCRE:
-
- - (preg_match does not ignore \r in regex flags).
-
-- PDO:
-
- - (Disable cloning of PDO handle/connection objects).
-
-- phpdbg:
-
- - (too many open files).
- - (phpdbg segfaults on listing some conditional breakpoints).
- - (phpdbg build fails when readline is shared).
-
-- Reflection:
-
- - (ReflectionClass::getMethods(null) doesn't work).
- - (Different behavior: always calls destructor).
-
-- Standard:
-
- - (recursive mkdir on ftp stream wrapper is incorrect).
- - (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).
- - (Inconsistent substr_compare behaviour with empty haystack).
-
-
-
-
Version 7.3.5
@@ -283,21 +145,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.28
-
-- EXIF:
-
- - (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
- - (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)
-
-- SQLite3:
-
- - Added sqlite3.defensive INI directive.
-
-
-
-
Version 7.3.4
@@ -376,142 +223,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.2.17
-
-- Core:
-
- - (Nullptr deref in zend_compile_expr).
- - (Segmentation fault on break 2147483648).
- - (Anonymous classes can lose their interface information).
- - (Unable to run tests when building shared extension on AIX).
-
-- Bcmath:
-
- - (bcpow() implementation related to gcc compiler optimization).
-
-- COM:
-
- - (Crash when php unload).
-
-- Date:
-
- - (DateInterval:createDateFromString() silently fails).
- - (Added DatePeriod::getRecurrences() method).
-
-- EXIF:
-
- - (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
- - (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)
-
-- FPM:
-
- - (FPM fails to build on AIX due to missing WCOREDUMP).
-
-- GD:
-
- - (Writing truecolor images as GIF ignores interlace flag).
-
-- MySQLi:
-
- - (mysqli_fetch_field hangs scripts).
-
-- Opcache:
-
- - (Opcache passes wrong value for inline array push assignments).
- - (Incorrect pi node insertion for jmpznz with identical successors).
-
-- phpdbg:
-
- - (phpdbg break cmd aliases listed in help do not match actual aliases).
-
-- sodium:
-
- - (sign_detached() strings not terminated).
-
-- SQLite3:
-
- - Added sqlite3.defensive INI directive.
-
-- Standard:
-
- - (Segmentation fault when using undefined constant in custom wrapper).
- - (Crash in extract() when overwriting extracted array).
- - (var_export() does not create a parsable value for PHP_INT_MIN).
- - (FTP stream wrapper should set the directory as executable).
-
-
-
-
-
-Version 7.1.27
-
-- Core:
-
- - (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)
-
-- EXIF:
-
- - (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)
- - (Invalid Read on exif_process_SOFn). (CVE-2019-9640)
- - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)
- - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)
-
-- PHAR:
-
- - (Null Pointer Dereference in phar_create_or_parse_filename).
- - (phar_tar_writeheaders_int() buffer overflow).
-
-- SPL:
-
- - (openFile() silently truncates after a null byte).
-
-
-
-
-
-Version 7.2.16
-
-- Core:
-
- - (Core dump using parse_ini_string with numeric sections).
- - (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)
-
-- COM:
-
- - (Already defined constants are not properly reported).
-
-- EXIF:
-
- - (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)
- - (Invalid Read on exif_process_SOFn). (CVE-2019-9640)
- - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)
- - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)
-
-- PDO_OCI:
-
- - Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
-
-- PHAR:
-
- - (Null Pointer Dereference in phar_create_or_parse_filename).
-
-- SPL:
-
- - (DirectoryIterator glob:// don't support current path relative queries).
- - (openFile() silently truncates after a null byte).
-
-- Standard:
-
- - (Unintialized php_stream_statbuf in stat functions).
-
-- MySQL:
-
- - Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
-
-
-
-
Version 7.3.3
@@ -575,63 +286,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.2.15
-
-- Core:
-
- - (__callStatic may get incorrect arguments).
- - (Disabling class causes segfault on member access).
- - (PHP crashes when parsing `(2)::class`).
-
-- Curl:
-
- - (Segfault with H2 server push).
-
-- GD:
-
- - (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
- - (gdImageFilledArc() doesn't properly draw pies).
- - (imagescale() may return image resource on failure).
- - (1bpp BMPs may fail to be loaded).
- - (imagewbmp() segfaults with very large images).
-
-- ldap:
-
- - (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
-
-- Mbstring:
-
- - (mb_scrub() silently truncates after a null byte).
-
-- MySQLnd:
-
- - (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
-
-- Opcache:
-
- - (configure fails on 64-bit AIX when opcache enabled).
-
-- OpenSSL:
-
- - (feof might hang on TLS streams in case of fragmented TLS records).
-
-- PDO:
-
- - (array_walk_recursive corrupts value types leading to PDO failure).
-
-- Sockets:
-
- - (socket_recvfrom may return an invalid 'from' address on MacOS).
-
-- Standard:
-
- - (segfault about array_multisort).
- - (parse_str segfaults when inserting item into existing array).
-
-
-
-
Version 7.3.2
@@ -814,141 +468,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.2.14
-
-- Core:
-
- - (memcpy with negative length via crafted DNS response). (CVE-2019-9022)
- - (zend_signal_startup() needs ZEND_API).
- - (PHP generates "FE_FREE" opcode on the wrong line).
-
-- COM:
-
- - (Serializing or unserializing COM objects crashes).
-
-- Date:
-
- - (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
-
-- Exif:
-
- - (Unsigned rational numbers are written out as signed rationals).
-
-- GD:
-
- - (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
- - (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
- - (Incorrect error handling of imagecreatefromjpeg()).
- - (auto cropping has insufficient precision).
- - (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
-
-- IMAP:
-
- - (null pointer dereference in imap_mail).
-
-- Mbstring:
-
- - (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
- - (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
- - (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
- - (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
- - (buffer overflow in fetch_token). (CVE-2019-9023)
- - (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
- - (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
-
-- OCI8:
-
- - (oci_pconnect with OCI_CRED_EXT not working).
- - Added oci_set_call_timeout() for call timeouts.
- - Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
-
-- Opcache:
-
- - (CFG assertion failure on multiple finalizing switch frees in one block).
-
-- PDO:
-
- - Handle invalid index passed to PDOStatement::fetchColumn() as error.
-
-- Phar:
-
- - (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
-
-- Sockets:
-
- - (Unsupported IPV6_RECVPKTINFO constants on macOS).
-
-- SQLite3:
-
- - (Issue with re-binding on SQLite3).
-
-- Xmlrpc:
-
- - (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
- - (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)
-
-
-
-
-
-Version 7.1.26
-
-- Core:
-
- - (memcpy with negative length via crafted DNS response). (CVE-2019-9022)
-
-- GD:
-
- - (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
- - (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
-
-- IMAP:
-
- - (null pointer dereference in imap_mail).
-
-- Mbstring:
-
- - (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
- - (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
- - (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
- - (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
- - (buffer overflow in fetch_token). (CVE-2019-9023)
- - (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
- - (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
-
-- Phar:
-
- - (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
-
-- Xmlrpc:
-
- - (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
- - (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)
-
-
-
-
-
-Version 7.0.33
-
-- Core:
-
- - (Segfault when using convert.quoted-printable-encode filter).
-
-- IMAP:
-
- - (null pointer dereference in imap_mail).
- - (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
-
-- Phar:
-
- - (PharData always creates new files with mode 0666).
- - (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
-
-
-
-
Version 7.3.0
@@ -1274,6 +793,358 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
+
+
+Version 7.2.19
+
+- EXIF:
+
+ - (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
+
+- FPM:
+
+ - (php-fpm kill -USR2 not working).
+ - (static.php.net doesn't work anymore).
+
+- GD:
+
+ - (imageantialias($image, false); does not work).
+ - (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
+
+- Iconv:
+
+ - (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
+
+- JSON:
+
+ - (Use after free with json serializer).
+
+- Opcache:
+
+ - Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
+
+- PDO_MySQL:
+
+ - (Wrong meta pdo_type for bigint on LLP64).
+
+- Reflection:
+
+ - (Inconsistent reflection of Closure:::__invoke()).
+
+- Session:
+
+ - (Wrong warning for session.sid_bits_per_character).
+
+- SPL:
+
+ - (SplFileObject::__toString() may return array).
+
+- SQLite:
+
+ - (Bypassing open_basedir restrictions via file uris).
+
+
+
+
+
+Version 7.2.18
+
+- CLI:
+
+ - (Incorrect Date header format in built-in server).
+
+- EXIF:
+
+ - (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).
+
+- Interbase:
+
+ - (Impossibility of creating multiple connections to Interbase with php 7.x).
+
+- Intl:
+
+ - (IntlDateFormatter::create fails in strict mode if $locale = null).
+
+- litespeed:
+
+ - LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().
+
+- Mail:
+
+ - (Potential heap corruption in TSendMail()).
+
+- PCRE:
+
+ - (preg_match does not ignore \r in regex flags).
+
+- PDO:
+
+ - (Disable cloning of PDO handle/connection objects).
+
+- phpdbg:
+
+ - (too many open files).
+ - (phpdbg segfaults on listing some conditional breakpoints).
+ - (phpdbg build fails when readline is shared).
+
+- Reflection:
+
+ - (ReflectionClass::getMethods(null) doesn't work).
+ - (Different behavior: always calls destructor).
+
+- Standard:
+
+ - (recursive mkdir on ftp stream wrapper is incorrect).
+ - (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).
+ - (Inconsistent substr_compare behaviour with empty haystack).
+
+
+
+
+
+Version 7.2.17
+
+- Core:
+
+ - (Nullptr deref in zend_compile_expr).
+ - (Segmentation fault on break 2147483648).
+ - (Anonymous classes can lose their interface information).
+ - (Unable to run tests when building shared extension on AIX).
+
+- Bcmath:
+
+ - (bcpow() implementation related to gcc compiler optimization).
+
+- COM:
+
+ - (Crash when php unload).
+
+- Date:
+
+ - (DateInterval:createDateFromString() silently fails).
+ - (Added DatePeriod::getRecurrences() method).
+
+- EXIF:
+
+ - (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
+ - (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)
+
+- FPM:
+
+ - (FPM fails to build on AIX due to missing WCOREDUMP).
+
+- GD:
+
+ - (Writing truecolor images as GIF ignores interlace flag).
+
+- MySQLi:
+
+ - (mysqli_fetch_field hangs scripts).
+
+- Opcache:
+
+ - (Opcache passes wrong value for inline array push assignments).
+ - (Incorrect pi node insertion for jmpznz with identical successors).
+
+- phpdbg:
+
+ - (phpdbg break cmd aliases listed in help do not match actual aliases).
+
+- sodium:
+
+ - (sign_detached() strings not terminated).
+
+- SQLite3:
+
+ - Added sqlite3.defensive INI directive.
+
+- Standard:
+
+ - (Segmentation fault when using undefined constant in custom wrapper).
+ - (Crash in extract() when overwriting extracted array).
+ - (var_export() does not create a parsable value for PHP_INT_MIN).
+ - (FTP stream wrapper should set the directory as executable).
+
+
+
+
+
+Version 7.2.16
+
+- Core:
+
+ - (Core dump using parse_ini_string with numeric sections).
+ - (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)
+
+- COM:
+
+ - (Already defined constants are not properly reported).
+
+- EXIF:
+
+ - (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)
+ - (Invalid Read on exif_process_SOFn). (CVE-2019-9640)
+ - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)
+ - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)
+
+- PDO_OCI:
+
+ - Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
+
+- PHAR:
+
+ - (Null Pointer Dereference in phar_create_or_parse_filename).
+
+- SPL:
+
+ - (DirectoryIterator glob:// don't support current path relative queries).
+ - (openFile() silently truncates after a null byte).
+
+- Standard:
+
+ - (Unintialized php_stream_statbuf in stat functions).
+
+- MySQL:
+
+ - Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
+
+
+
+
+
+Version 7.2.15
+
+- Core:
+
+ - (__callStatic may get incorrect arguments).
+ - (Disabling class causes segfault on member access).
+ - (PHP crashes when parsing `(2)::class`).
+
+- Curl:
+
+ - (Segfault with H2 server push).
+
+- GD:
+
+ - (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
+ - (gdImageFilledArc() doesn't properly draw pies).
+ - (imagescale() may return image resource on failure).
+ - (1bpp BMPs may fail to be loaded).
+ - (imagewbmp() segfaults with very large images).
+
+- ldap:
+
+ - (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
+
+- Mbstring:
+
+ - (mb_scrub() silently truncates after a null byte).
+
+- MySQLnd:
+
+ - (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
+
+- Opcache:
+
+ - (configure fails on 64-bit AIX when opcache enabled).
+
+- OpenSSL:
+
+ - (feof might hang on TLS streams in case of fragmented TLS records).
+
+- PDO:
+
+ - (array_walk_recursive corrupts value types leading to PDO failure).
+
+- Sockets:
+
+ - (socket_recvfrom may return an invalid 'from' address on MacOS).
+
+- Standard:
+
+ - (segfault about array_multisort).
+ - (parse_str segfaults when inserting item into existing array).
+
+
+
+
+
+Version 7.2.14
+
+- Core:
+
+ - (memcpy with negative length via crafted DNS response). (CVE-2019-9022)
+ - (zend_signal_startup() needs ZEND_API).
+ - (PHP generates "FE_FREE" opcode on the wrong line).
+
+- COM:
+
+ - (Serializing or unserializing COM objects crashes).
+
+- Date:
+
+ - (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
+
+- Exif:
+
+ - (Unsigned rational numbers are written out as signed rationals).
+
+- GD:
+
+ - (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
+ - (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
+ - (Incorrect error handling of imagecreatefromjpeg()).
+ - (auto cropping has insufficient precision).
+ - (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
+
+- IMAP:
+
+ - (null pointer dereference in imap_mail).
+
+- Mbstring:
+
+ - (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
+ - (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
+ - (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
+ - (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
+ - (buffer overflow in fetch_token). (CVE-2019-9023)
+ - (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
+ - (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
+
+- OCI8:
+
+ - (oci_pconnect with OCI_CRED_EXT not working).
+ - Added oci_set_call_timeout() for call timeouts.
+ - Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
+
+- Opcache:
+
+ - (CFG assertion failure on multiple finalizing switch frees in one block).
+
+- PDO:
+
+ - Handle invalid index passed to PDOStatement::fetchColumn() as error.
+
+- Phar:
+
+ - (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
+
+- Sockets:
+
+ - (Unsupported IPV6_RECVPKTINFO constants on macOS).
+
+- SQLite3:
+
+ - (Issue with re-binding on SQLite3).
+
+- Xmlrpc:
+
+ - (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
+ - (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)
+
+
+
+
Version 7.2.13
@@ -1332,55 +1203,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.25
-
-- Core:
-
- - (zend_signal_startup() needs ZEND_API).
- - (Segfault when using convert.quoted-printable-encode filter).
-
-- ftp:
-
- - (ftp_close(): SSL_read on shutdown).
-
-- iconv:
-
- - (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
-
-- IMAP:
-
- - (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
-
-- ODBC:
-
- - (odbc_fetch_object has incorrect type signature).
-
-- Opcache:
-
- - (Type inference in opcache causes side effects).
-
-- Phar:
-
- - (PharData always creates new files with mode 0666).
- - (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
-
-- PGSQL:
-
- - (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).
-
-- SOAP:
-
- - (WSDL_CACHE_MEMORY causes Segmentation fault).
- - (Signedness issue in SOAP when precision=-1).
-
-- Sockets:
-
- - (Validate length on socket_write).
-
-
-
-
Version 7.2.12
@@ -1441,48 +1263,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.24
-
-- Core:
-
- - (Cyclic reference in generator not detected).
- - (The phpize and ./configure create redundant .deps file).
- - (buildconf should output error messages to stderr) (Mizunashi Mana)
-
-- Date:
-
- - (Year component overflow with date formats "c", "o", "r" and "y").
-
-- FCGI:
-
- - (Failed shutdown/reboot or end session in Windows).
- - (apache_response_headers removes last character from header name).
-
-- FTP:
-
- - (Data truncation due to forceful ssl socket shutdown).
-
-- intl:
-
- - (U_ARGUMENT_TYPE_MISMATCH).
-
-- Standard:
-
- - (INI_SCANNER_RAW doesn't strip trailing whitespace).
-
-- Tidy:
-
- - (tidy::getOptDoc() not available on Windows).
-
-- XML:
-
- - (xml_parse_into_struct() does not resolve entities).
- - Add support for getting SKIP_TAGSTART and SKIP_WHITE options.
-
-
-
-
Version 7.2.11
@@ -1529,47 +1309,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.23
-
-- Core:
-
- - (method_exists on SPL iterator passthrough method corrupts memory).
- - (Segfault in shutdown function after memory limit error).
-
-- CURL:
-
- - (Use curl_multi_wait() so that timeouts are respected).
-
-- iconv:
-
- - (iconv_mime_encode Q-encoding longer than it should be).
-
-- Opcache:
-
- - (ZendOPcache.MemoryBase periodically deleted by the OS).
-
-- POSIX:
-
- - (posix_getgrnam fails to print details of group).
-
-- Reflection:
-
- - (Wrong exception being thrown when using ReflectionMethod).
-
-- Standard:
-
- - (Wrong error message when fopen FTP wrapped fails to open data connection).
- - (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
- - (array_reduce is slow when $carry is large array).
-
-- Zlib:
-
- - (php_zlib_inflate_filter() may not update bytes_consumed).
-
-
-
-
Version 7.2.10
@@ -1639,84 +1378,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.22
-
-- Core:
-
- - (parent private constant in extends class memory leak).
- - (Generate enabled extension).
-
-- Apache2:
-
- - (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)
-
-- Bz2:
-
- - Fixed arginfo for bzcompress.
-
-- gettext:
-
- - (incorrect restoring of LDFLAGS).
-
-- iconv:
-
- - (iconv_mime_decode can return extra characters in a header).
- - (iconv_mime_decode_headers function is skipping headers).
- - (iconv_mime_decode does ignore special characters).
- - (iconv_mime_decode_headers() skips some headers).
-
-- intl:
-
- - (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
-
-- libxml:
-
- - ("public id" parameter of libxml_set_external_entity_loader callback undefined).
-
-- mbstring:
-
- - (mb_detect_order return value varies based on argument type).
-
-- Opcache:
-
- - (Opcache treats path containing "test.pharma.tld" as a phar file).
-
-- OpenSSL:
-
- - (unusable ssl => peer_fingerprint in stream_context_create()).
-
-- phpdbg:
-
- - (phpdbg man page contains outdated information).
-
-- SPL:
-
- - (Exception in DirectoryIterator::getLinkTarget()).
- - (RegexIterator pregFlags are NULL instead of 0).
-
-- Standard:
-
- - (array_reduce leaks memory if callback throws exception).
-
-- zlib:
-
- - (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
- - (Minimal required zlib library is 1.2.0.4).
-
-
-
-
-
-Version 7.0.32
-
-- Apache2:
-
- - (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)
-
-
-
-
Version 7.2.9
@@ -1753,42 +1414,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.21
-
-- Calendar:
-
- - (jewish.c: compile error under Windows with GBK charset).
-
-- Filter:
-
- - (References in sub-array for filtering breaks the filter).
-
-- PDO_Firebird:
-
- - (Memory leak when fetching a BLOB field).
-
-- PDO_PgSQL:
-
- - (Possible Memory Leak using PDO::CURSOR_SCROLL option).
-
-- SQLite3:
-
- - (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
-
-- Standard:
-
- - (array_column: null values in $index_key become incrementing keys in result).
- - (Incorrect entries in get_html_translation_table).
- - (Segmentation fault when using `output_add_rewrite_var`).
-
-- Zip:
-
- - (ZipArchive memory leak (OVERWRITE flag and empty archive)).
-
-
-
-
Version 7.2.8
@@ -1857,80 +1482,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.20
-
-- Core:
-
- - (PHP hangs on 'illegal string offset on string references with an error handler).
- - (Chain of mixed exceptions and errors does not serialize properly).
-
-- Date:
-
- - (Undefined property: DateInterval::$f).
-
-- exif:
-
- - (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
- - (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
-
-- FPM:
-
- - (Vulnerability in php-fpm by changing stdin to non-blocking).
-
-- GMP:
-
- - (Integer Underflow when unserializing GMP and possible other classes).
-
-- intl:
-
- - (get_debug_info handler for BreakIterator shows wrong type).
-
-- mbstring:
-
- - (Integer overflow and excessive memory usage in mb_strimwidth).
-
-- PGSQL:
-
- - (pg_fetch_result did not fetch the next row).
-
-- phpdbg:
-
- - Fix arginfo wrt. optional/required parameters.
-
-- Reflection:
-
- - (PHP crashes with core dump when throwing exception in error handler).
- - (ReflectionProperty#getValue() incorrectly works with inherited classes).
-
-- Standard:
-
- - (array_merge_recursive() is duplicating sub-array keys).
- - (getimagesize with $imageinfo returns false).
-
-- Win32:
-
- - (windows linkinfo lacks openbasedir check). (CVE-2018-15132)
-
-
-
-
-
-
-Version 7.0.31
-
-- Exif:
-
- - (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
- - (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
-
-- Win32:
-
- - (windows linkinfo lacks openbasedir check). (CVE-2018-15132)
-
-
-
-
Version 7.2.7
@@ -1959,30 +1510,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.19
-
-- CLI Server:
-
- - (PHP built-in server does not find files if root path contains special characters).
-
-- OpenSSL:
-
- - (openssl_pkey_get_public does not respect open_basedir).
- - (openssl extension fails to build with LibreSSL 2.7).
-
-- SPL:
-
- - (NoRewindIterator segfault 11).
-
-- Standard:
-
- - ("link(): Bad file descriptor" with non-ASCII path).
- - (array_map on $GLOBALS returns IS_INDIRECT).
-
-
-
-
Version 7.2.6
@@ -2015,30 +1542,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.18
-
-- FPM:
-
- - --with-fpm-acl wrongly tries to find libacl on FreeBSD.
-
-- intl:
-
- - (Locale::parseLocale() broken with some arguments).
-
-- Opcache:
-
- - (PHP-FPM sporadic crash when running Infinitewp).
- - (Assertion failure in file cache when unserializing empty try_catch_array).
- - (Opcache causes incorrect "undefined variable" errors).
-
-- Reflection:
-
- - Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).
-
-
-
-
Version 7.2.5
@@ -2108,84 +1611,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.17
-
-- Date:
-
- - (mismatch arginfo for date_create).
-
-- Exif:
-
- - (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
-
-- FPM:
-
- - (ERROR: failed to reload: execvp() failed: Argument list too long).
- - Fixed incorrect write to getenv result in FPM reload.
-
-- GD:
-
- - (imagedashedline() - dashed line sometimes is not visible).
-
-- iconv:
-
- - (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
-
-- intl:
-
- - (Intl compilation fails with icu4c 61.1).
-
-- ldap:
-
- - (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
-
-- mbstring:
-
- - (Wrong cp1251 detection).
- - (mbstring does not build with Oniguruma 6.8.1).
-
-- Phar:
-
- - (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
-
-- phpdbg:
-
- - (Memory corruption: arbitrary NUL overwrite).
-
-- SPL:
-
- - (mismatch arginfo for splarray constructor).
-
-- standard:
-
- - (incorrect url in header for mt_rand).
-
-
-
-
-
-Version 7.0.30
-
-- Exif:
-
- - (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
-
-- iconv:
-
- - (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
-
-- LDAP:
-
- - (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
-
-- Phar:
-
- - (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
-
-
-
-
Version 7.2.4
@@ -2241,52 +1666,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.16
-
-- Core:
-
- - (Segfault while throwing exception in error_handler).
- - ('date: illegal option -- -' in ./configure on FreeBSD).
-
-- FPM:
-
- - (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
-
-- GD:
-
- - (signed integer conversion in imagescale()).
-
-- ODBC:
-
- - (ODBC functions are not available by default on Windows).
-
-- Opcache:
-
- - (opcache corrupts variable in for-loop).
-
-- Phar:
-
- - (Segmentation fault in buildFromIterator when directory name contains a \n).
-
-- Standard:
-
- - (mail.add_x_header default inconsistent with docs).
- - (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).
-
-
-
-
-
-Version 7.0.29
-
-- FPM:
-
- - (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
-
-
-
-
Version 7.2.3
@@ -2344,62 +1723,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.15
-
-- Apache2Handler:
-
- - (a simple way for segfaults in threadsafe php just with configuration).
-
-- Date:
-
- - (Timezone gets truncated when formatted).
- - (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).
- - (calling var_dump on a DateTimeZone object modifies it).
-
-- PGSQL:
-
- - Fixed #75838 (Memory leak in pg_escape_bytea()).
-
-- ODBC:
-
- - (Unable to retrieve value of varchar(max) type).
-
-- LDAP:
-
- - (Fix LDAP path lookup on 64-bit distros).
-
-- libxml2:
-
- - (use pkg-config where available).
-
-- Phar:
-
- - (deal with leading slash when adding files correctly).
-
-- SPL:
-
- - (strange behavior of AppendIterator).
-
-- Standard:
-
- - (DNS_CAA record results contain garbage).
- - (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
-
-
-
-
-
-
-Version 7.0.28
-
-- Standard:
-
- - (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
-
-
-
-
Version 7.2.2
@@ -2470,60 +1793,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.1.14
-
-- Core:
-
- - (Path 260 character problem).
- - (segfault when using spread operator on generator passed by reference).
- - (arg of get_defined_functions is optional).
- - (Exit inside generator finally results in fatal error).
- - (self keyword leads to incorrectly generated TypeError when in closure in trait).
-
-- FCGI:
-
- - (getenv() crashes on Windows 7.2.1 when second parameter is false).
-
-- IMAP:
-
- - (imap_append HeapCorruction).
-
-- Opcache:
-
- - (File cache not populated after SHM runs full).
- - (Interned strings buffer overflow may cause crash).
-
-- PGSQL:
-
- - (pg_version() crashes when called on a connection to cockroach).
-
-- Readline:
-
- - (readline_read_history segfaults with empty file).
-
-- SAPI:
-
- - ([embed SAPI] Segmentation fault in sapi_register_post_entry).
-
-- SOAP:
-
- - (SoapClient generates E_ERROR even if exceptions=1 is used).
- - (Segmentation fault in zend_string_release).
-
-- SPL:
-
- - (RecursiveArrayIterator does not traverse arrays by reference).
- - (RecursiveArrayIterator doesn't have constants from parent class).
- - (RecursiveArrayIterator does not iterate object properties).
-
-- Standard:
-
- - (substr_count incorrect result).
-
-
-
-
Version 7.2.1
@@ -2578,104 +1847,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-
-Version 7.1.13
-
-- Core:
-
- - (Segmentation fault in 7.1.12 and 7.0.26).
- - (PHP seems incompatible with OneDrive files on demand).
- - (Unable to clone instance when private __clone defined).
- - (php-process crash when is_file() is used with strings longer 260 chars).
-
-- CLI Server:
-
- - (Random "Invalid request (unexpected EOF)" using a router script).
- - (Directory does not exist).
-
-- FPM:
-
- - (libxml_disable_entity_loader setting is shared between requests).
-
-- GD:
-
- - (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
-
-- Opcache:
-
- - ("Narrowing occurred during type inference" error).
- - (Interned strings buffer overflow may cause crash).
- - ("Narrowing occurred during type inference" error).
-
-- PCRE:
-
- - (preg_last_error not returning error code after error).
-
-- Phar:
-
- - (Reflected XSS in .phar 404 page). (CVE-2018-5712)
-
-- Standard:
-
- - (fread not free unused buffer).
- - (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
- - (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)
- - (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
- - (php_ini_scanned_files() not reporting correctly).
- - (putenv does not work properly if parameter contains non-ASCII unicode character).
-
-- Zip:
-
- - (Segfault with libzip 1.3.1).
-
-
-
-
-
-Version 7.0.27
-
-- CLI Server:
-
- - (Random "Invalid request (unexpected EOF)" using a router script).
-
-- Core:
-
- - (PHP seems incompatible with OneDrive files on demand).
- - (Segmentation fault in 7.1.12 and 7.0.26).
-
-- FPM:
-
- - (libxml_disable_entity_loader setting is shared between requests).
-
-- GD:
-
- - (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
-
-- Opcache:
-
- - (Interned strings buffer overflow may cause crash).
-
-- PCRE:
-
- - (preg_last_error not returning error code after error).
-
-- Phar:
-
- - (Reflected XSS in .phar 404 page). (CVE-2018-5712)
-
-- Standard:
-
- - (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)
- - (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
-
-- Zip:
-
- - (Segfault with libzip 1.3.1).
-
-
-
-
Version 7.2.0
@@ -2961,6 +2132,710 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
+
+
+Version 7.1.30
+
+- EXIF:
+
+ - (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
+
+- GD:
+
+ - (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
+
+- Iconv:
+
+ - (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
+
+- SQLite:
+
+ - (Bypassing open_basedir restrictions via file uris).
+
+
+
+
+
+Version 7.1.29
+
+- EXIF:
+
+ - (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).
+
+- Mail:
+
+ - (Potential heap corruption in TSendMail()).
+
+
+
+
+
+Version 7.1.28
+
+- EXIF:
+
+ - (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
+ - (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)
+
+- SQLite3:
+
+ - Added sqlite3.defensive INI directive.
+
+
+
+
+
+Version 7.1.27
+
+- Core:
+
+ - (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)
+
+- EXIF:
+
+ - (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)
+ - (Invalid Read on exif_process_SOFn). (CVE-2019-9640)
+ - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)
+ - (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)
+
+- PHAR:
+
+ - (Null Pointer Dereference in phar_create_or_parse_filename).
+ - (phar_tar_writeheaders_int() buffer overflow).
+
+- SPL:
+
+ - (openFile() silently truncates after a null byte).
+
+
+
+
+
+Version 7.1.26
+
+- Core:
+
+ - (memcpy with negative length via crafted DNS response). (CVE-2019-9022)
+
+- GD:
+
+ - (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
+ - (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
+
+- IMAP:
+
+ - (null pointer dereference in imap_mail).
+
+- Mbstring:
+
+ - (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
+ - (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
+ - (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
+ - (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
+ - (buffer overflow in fetch_token). (CVE-2019-9023)
+ - (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
+ - (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
+
+- Phar:
+
+ - (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
+
+- Xmlrpc:
+
+ - (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
+ - (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)
+
+
+
+
+
+
+Version 7.1.25
+
+- Core:
+
+ - (zend_signal_startup() needs ZEND_API).
+ - (Segfault when using convert.quoted-printable-encode filter).
+
+- ftp:
+
+ - (ftp_close(): SSL_read on shutdown).
+
+- iconv:
+
+ - (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
+
+- IMAP:
+
+ - (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
+
+- ODBC:
+
+ - (odbc_fetch_object has incorrect type signature).
+
+- Opcache:
+
+ - (Type inference in opcache causes side effects).
+
+- Phar:
+
+ - (PharData always creates new files with mode 0666).
+ - (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
+
+- PGSQL:
+
+ - (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).
+
+- SOAP:
+
+ - (WSDL_CACHE_MEMORY causes Segmentation fault).
+ - (Signedness issue in SOAP when precision=-1).
+
+- Sockets:
+
+ - (Validate length on socket_write).
+
+
+
+
+
+Version 7.1.24
+
+- Core:
+
+ - (Cyclic reference in generator not detected).
+ - (The phpize and ./configure create redundant .deps file).
+ - (buildconf should output error messages to stderr) (Mizunashi Mana)
+
+- Date:
+
+ - (Year component overflow with date formats "c", "o", "r" and "y").
+
+- FCGI:
+
+ - (Failed shutdown/reboot or end session in Windows).
+ - (apache_response_headers removes last character from header name).
+
+- FTP:
+
+ - (Data truncation due to forceful ssl socket shutdown).
+
+- intl:
+
+ - (U_ARGUMENT_TYPE_MISMATCH).
+
+- Standard:
+
+ - (INI_SCANNER_RAW doesn't strip trailing whitespace).
+
+- Tidy:
+
+ - (tidy::getOptDoc() not available on Windows).
+
+- XML:
+
+ - (xml_parse_into_struct() does not resolve entities).
+ - Add support for getting SKIP_TAGSTART and SKIP_WHITE options.
+
+
+
+
+
+Version 7.1.23
+
+- Core:
+
+ - (method_exists on SPL iterator passthrough method corrupts memory).
+ - (Segfault in shutdown function after memory limit error).
+
+- CURL:
+
+ - (Use curl_multi_wait() so that timeouts are respected).
+
+- iconv:
+
+ - (iconv_mime_encode Q-encoding longer than it should be).
+
+- Opcache:
+
+ - (ZendOPcache.MemoryBase periodically deleted by the OS).
+
+- POSIX:
+
+ - (posix_getgrnam fails to print details of group).
+
+- Reflection:
+
+ - (Wrong exception being thrown when using ReflectionMethod).
+
+- Standard:
+
+ - (Wrong error message when fopen FTP wrapped fails to open data connection).
+ - (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
+ - (array_reduce is slow when $carry is large array).
+
+- Zlib:
+
+ - (php_zlib_inflate_filter() may not update bytes_consumed).
+
+
+
+
+
+Version 7.1.22
+
+- Core:
+
+ - (parent private constant in extends class memory leak).
+ - (Generate enabled extension).
+
+- Apache2:
+
+ - (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)
+
+- Bz2:
+
+ - Fixed arginfo for bzcompress.
+
+- gettext:
+
+ - (incorrect restoring of LDFLAGS).
+
+- iconv:
+
+ - (iconv_mime_decode can return extra characters in a header).
+ - (iconv_mime_decode_headers function is skipping headers).
+ - (iconv_mime_decode does ignore special characters).
+ - (iconv_mime_decode_headers() skips some headers).
+
+- intl:
+
+ - (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
+
+- libxml:
+
+ - ("public id" parameter of libxml_set_external_entity_loader callback undefined).
+
+- mbstring:
+
+ - (mb_detect_order return value varies based on argument type).
+
+- Opcache:
+
+ - (Opcache treats path containing "test.pharma.tld" as a phar file).
+
+- OpenSSL:
+
+ - (unusable ssl => peer_fingerprint in stream_context_create()).
+
+- phpdbg:
+
+ - (phpdbg man page contains outdated information).
+
+- SPL:
+
+ - (Exception in DirectoryIterator::getLinkTarget()).
+ - (RegexIterator pregFlags are NULL instead of 0).
+
+- Standard:
+
+ - (array_reduce leaks memory if callback throws exception).
+
+- zlib:
+
+ - (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
+ - (Minimal required zlib library is 1.2.0.4).
+
+
+
+
+
+Version 7.1.21
+
+- Calendar:
+
+ - (jewish.c: compile error under Windows with GBK charset).
+
+- Filter:
+
+ - (References in sub-array for filtering breaks the filter).
+
+- PDO_Firebird:
+
+ - (Memory leak when fetching a BLOB field).
+
+- PDO_PgSQL:
+
+ - (Possible Memory Leak using PDO::CURSOR_SCROLL option).
+
+- SQLite3:
+
+ - (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
+
+- Standard:
+
+ - (array_column: null values in $index_key become incrementing keys in result).
+ - (Incorrect entries in get_html_translation_table).
+ - (Segmentation fault when using `output_add_rewrite_var`).
+
+- Zip:
+
+ - (ZipArchive memory leak (OVERWRITE flag and empty archive)).
+
+
+
+
+
+Version 7.1.20
+
+- Core:
+
+ - (PHP hangs on 'illegal string offset on string references with an error handler).
+ - (Chain of mixed exceptions and errors does not serialize properly).
+
+- Date:
+
+ - (Undefined property: DateInterval::$f).
+
+- exif:
+
+ - (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
+ - (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
+
+- FPM:
+
+ - (Vulnerability in php-fpm by changing stdin to non-blocking).
+
+- GMP:
+
+ - (Integer Underflow when unserializing GMP and possible other classes).
+
+- intl:
+
+ - (get_debug_info handler for BreakIterator shows wrong type).
+
+- mbstring:
+
+ - (Integer overflow and excessive memory usage in mb_strimwidth).
+
+- PGSQL:
+
+ - (pg_fetch_result did not fetch the next row).
+
+- phpdbg:
+
+ - Fix arginfo wrt. optional/required parameters.
+
+- Reflection:
+
+ - (PHP crashes with core dump when throwing exception in error handler).
+ - (ReflectionProperty#getValue() incorrectly works with inherited classes).
+
+- Standard:
+
+ - (array_merge_recursive() is duplicating sub-array keys).
+ - (getimagesize with $imageinfo returns false).
+
+- Win32:
+
+ - (windows linkinfo lacks openbasedir check). (CVE-2018-15132)
+
+
+
+
+
+Version 7.1.19
+
+- CLI Server:
+
+ - (PHP built-in server does not find files if root path contains special characters).
+
+- OpenSSL:
+
+ - (openssl_pkey_get_public does not respect open_basedir).
+ - (openssl extension fails to build with LibreSSL 2.7).
+
+- SPL:
+
+ - (NoRewindIterator segfault 11).
+
+- Standard:
+
+ - ("link(): Bad file descriptor" with non-ASCII path).
+ - (array_map on $GLOBALS returns IS_INDIRECT).
+
+
+
+
+
+Version 7.1.18
+
+- FPM:
+
+ - --with-fpm-acl wrongly tries to find libacl on FreeBSD.
+
+- intl:
+
+ - (Locale::parseLocale() broken with some arguments).
+
+- Opcache:
+
+ - (PHP-FPM sporadic crash when running Infinitewp).
+ - (Assertion failure in file cache when unserializing empty try_catch_array).
+ - (Opcache causes incorrect "undefined variable" errors).
+
+- Reflection:
+
+ - Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).
+
+
+
+
+
+Version 7.1.17
+
+- Date:
+
+ - (mismatch arginfo for date_create).
+
+- Exif:
+
+ - (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
+
+- FPM:
+
+ - (ERROR: failed to reload: execvp() failed: Argument list too long).
+ - Fixed incorrect write to getenv result in FPM reload.
+
+- GD:
+
+ - (imagedashedline() - dashed line sometimes is not visible).
+
+- iconv:
+
+ - (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
+
+- intl:
+
+ - (Intl compilation fails with icu4c 61.1).
+
+- ldap:
+
+ - (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
+
+- mbstring:
+
+ - (Wrong cp1251 detection).
+ - (mbstring does not build with Oniguruma 6.8.1).
+
+- Phar:
+
+ - (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
+
+- phpdbg:
+
+ - (Memory corruption: arbitrary NUL overwrite).
+
+- SPL:
+
+ - (mismatch arginfo for splarray constructor).
+
+- standard:
+
+ - (incorrect url in header for mt_rand).
+
+
+
+
+
+Version 7.1.16
+
+- Core:
+
+ - (Segfault while throwing exception in error_handler).
+ - ('date: illegal option -- -' in ./configure on FreeBSD).
+
+- FPM:
+
+ - (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
+
+- GD:
+
+ - (signed integer conversion in imagescale()).
+
+- ODBC:
+
+ - (ODBC functions are not available by default on Windows).
+
+- Opcache:
+
+ - (opcache corrupts variable in for-loop).
+
+- Phar:
+
+ - (Segmentation fault in buildFromIterator when directory name contains a \n).
+
+- Standard:
+
+ - (mail.add_x_header default inconsistent with docs).
+ - (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).
+
+
+
+
+
+Version 7.1.15
+
+- Apache2Handler:
+
+ - (a simple way for segfaults in threadsafe php just with configuration).
+
+- Date:
+
+ - (Timezone gets truncated when formatted).
+ - (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).
+ - (calling var_dump on a DateTimeZone object modifies it).
+
+- PGSQL:
+
+ - Fixed #75838 (Memory leak in pg_escape_bytea()).
+
+- ODBC:
+
+ - (Unable to retrieve value of varchar(max) type).
+
+- LDAP:
+
+ - (Fix LDAP path lookup on 64-bit distros).
+
+- libxml2:
+
+ - (use pkg-config where available).
+
+- Phar:
+
+ - (deal with leading slash when adding files correctly).
+
+- SPL:
+
+ - (strange behavior of AppendIterator).
+
+- Standard:
+
+ - (DNS_CAA record results contain garbage).
+ - (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
+
+
+
+
+
+Version 7.1.14
+
+- Core:
+
+ - (Path 260 character problem).
+ - (segfault when using spread operator on generator passed by reference).
+ - (arg of get_defined_functions is optional).
+ - (Exit inside generator finally results in fatal error).
+ - (self keyword leads to incorrectly generated TypeError when in closure in trait).
+
+- FCGI:
+
+ - (getenv() crashes on Windows 7.2.1 when second parameter is false).
+
+- IMAP:
+
+ - (imap_append HeapCorruction).
+
+- Opcache:
+
+ - (File cache not populated after SHM runs full).
+ - (Interned strings buffer overflow may cause crash).
+
+- PGSQL:
+
+ - (pg_version() crashes when called on a connection to cockroach).
+
+- Readline:
+
+ - (readline_read_history segfaults with empty file).
+
+- SAPI:
+
+ - ([embed SAPI] Segmentation fault in sapi_register_post_entry).
+
+- SOAP:
+
+ - (SoapClient generates E_ERROR even if exceptions=1 is used).
+ - (Segmentation fault in zend_string_release).
+
+- SPL:
+
+ - (RecursiveArrayIterator does not traverse arrays by reference).
+ - (RecursiveArrayIterator doesn't have constants from parent class).
+ - (RecursiveArrayIterator does not iterate object properties).
+
+- Standard:
+
+ - (substr_count incorrect result).
+
+
+
+
+
+Version 7.1.13
+
+- Core:
+
+ - (Segmentation fault in 7.1.12 and 7.0.26).
+ - (PHP seems incompatible with OneDrive files on demand).
+ - (Unable to clone instance when private __clone defined).
+ - (php-process crash when is_file() is used with strings longer 260 chars).
+
+- CLI Server:
+
+ - (Random "Invalid request (unexpected EOF)" using a router script).
+ - (Directory does not exist).
+
+- FPM:
+
+ - (libxml_disable_entity_loader setting is shared between requests).
+
+- GD:
+
+ - (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
+
+- Opcache:
+
+ - ("Narrowing occurred during type inference" error).
+ - (Interned strings buffer overflow may cause crash).
+ - ("Narrowing occurred during type inference" error).
+
+- PCRE:
+
+ - (preg_last_error not returning error code after error).
+
+- Phar:
+
+ - (Reflected XSS in .phar 404 page). (CVE-2018-5712)
+
+- Standard:
+
+ - (fread not free unused buffer).
+ - (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
+ - (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)
+ - (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
+ - (php_ini_scanned_files() not reporting correctly).
+ - (putenv does not work properly if parameter contains non-ASCII unicode character).
+
+- Zip:
+
+ - (Segfault with libzip 1.3.1).
+
+
+
+
+
Version 7.1.12
@@ -3027,72 +2902,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.26
-
-- Core:
-
- - (Crash when modifing property name in __isset for BP_VAR_IS).
- - (mmap/munmap trashing on unlucky allocations).
-
-- CLI:
-
- - (Builtin webserver crash after chdir in a shutdown function).
-
-- Enchant:
-
- - (enchant_broker_get_path crashes if no path is set).
- - (Enchant still reports version 1.1.0).
-
-- Exif:
-
- - (Exif extension has built in revision version).
-
-- GD:
-
- - (imagerotate may alter image dimensions).
- - (Wrong reflection on imagewebp).
-
-- intl:
-
- - (UConverter::setDestinationEncoding changes source instead of destination).
-
-- interbase:
-
- - (Incorrect reflection for ibase_[p]connect).
-
-- Mysqli:
-
- - (Wrong reflection for mysqli_fetch_all function).
-
-- OCI8:
-
- - Fixed valgrind issue.
-
-- Opcache:
-
- - (Warning Internal error: wrong size calculation).
-
-- OpenSSL:
-
- - (openssl_x509_parse leaks memory).
- - (Wrong reflection for openssl_open function).
-
-- PGSQL:
-
- - (Default link incorrectly cleared/linked by pg_close()).
-
-- SOAP:
-
- - (Wrong reflection on SoapClient::__setSoapHeaders).
-
-- Zlib:
-
- - (Wrong reflection on inflate_init and inflate_add).
-
-
-
-
Version 7.1.11
@@ -3156,53 +2965,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.25
-
-- Core:
-
- - (Null pointer dereference in zend_mm_alloc_small()).
- - (infinite loop when printing an error-message).
- - (Incorrect token formatting on two parse errors in one request).
- - (Segfault when calling is_callable on parent).
- - (debug info of Closures of internal functions contain garbage argument names).
-
-- Apache2Handler:
-
- - (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).
-
-- Date:
-
- - (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
-
-- Intl:
-
- - (The parameter of UConverter::getAliases() is not optional).
-
-- mcrypt:
-
- - (arcfour encryption stream filter crashes php).
-
-- OCI8:
-
- - Fixed incorrect reference counting.
-
-- PCRE:
-
- - (applied upstream patch for CVE-2016-1283).
-
-- litespeed:
-
- - (Binary directory doesn't get created when building only litespeed SAPI).
- - (Missing program prefix and suffix).
-
-- SPL:
-
- - (SplDoublyLinkedList::setIteratorMode masks intern flags).
-
-
-
-
Version 7.1.10
@@ -3256,56 +3018,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.24
-
-- Core:
-
- - (run-tests.php issues with EXTENSION block).
-
-- BCMath:
-
- - (bcpowmod() fails if scale != 0).
- - (BC math handles minus zero incorrectly).
- - (bcpowmod() may return 1 if modulus is 1).
- - (bcpowmod() misbehaves for non-integer base or modulus).
-
-- CLI server:
-
- - (Built-in server truncates headers spanning over TCP packets).
-
-- CURL:
-
- - (OpenSSL support not detected).
-
-- GD:
-
- - (gdImageGrayScale() may produce colors).
- - (libgd/gd_interpolation.c:1786: suspicious if ?).
-
-- Gettext:
-
- - (textdomain(null) throws in strict mode).
-
-- Intl:
-
- - (IntlGregorianCalendar doesn't have constants from parent class).
-
-- PDO_OCI:
-
- - (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
-
-- SPL:
-
- - (incorrect behavior of AppendIterator::append in foreach loop).
-
-- Standard:
-
- - (gethostname fails if your host name is 64 chars long).
-
-
-
-
Version 7.1.9
@@ -3389,81 +3101,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.23
-
-- Core:
-
- - (Segfault in scanner on INF number).
- - (null deref and segfault in zend_generator_resume()).
- - (html_errors=1 breaks unhandled exceptions).
- - (NAN comparison).
-
-- cURL:
-
- - (Fixed finding CURL on systems with multiarch support).
-
-- Date:
-
-- (Null Pointer Dereference in timelib_time_clone).
-
-- Intl:
-
- - (Wrong reflection on some locale_* functions).
-
-- Mbstring:
-
- - (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
- - (mb_convert_kana() does not convert iteration marks).
- - (Wrong reflection on mb_eregi_replace).
-
-- MySQLi:
-
- - (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
-
-- OCI8:
-
- - Expose oci_unregister_taf_callback() (Tianfang Yang)
-
-- phar:
-
- - (include_path has a 4096 char limit in some cases).
-
-- Reflection:
-
- - (null pointer dereference in _function_string).
-
-- Session:
-
- - (SID constant created with wrong module number).
-
-- SimpleXML:
-
- - (nullpointer deref in simplexml_element_getDocNamespaces).
-
-- SPL:
-
- - (spl_autoload_unregister can't handle spl_autoload_functions results).
- - (Unserialize ArrayIterator broken).
- - (Crash in recursive iterator destructors).
-
-- Standard:
-
- - (unpack with X* causes infinity loop).
- - (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)
- - (A Denial of Service Vulnerability was found when performing deserialization).
-
-- WDDX:
-
- - (WDDX uses wrong decimal seperator).
-
-- XMLRPC:
-
- - (Incorrect xmlrpc serialization for classes with declared properties).
-
-
-
-
Version 7.1.8
@@ -3518,55 +3155,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-
-Version 7.0.22
-
-- Core:
-
- - (Loading PHP extension with already registered function name leads to a crash).
- - (parse_url() borken when query string contains colon).
- - (Unary operator expected error on some systems).
- - (Use After Free in unserialize() SplFixedArray).
- - (fixed incorrect poll.h include).
- - (fixed incorrect errno.h include).
-
-- Date:
-
- - (property_exists returns true on unknown DateInterval property).
-
-- OCI8:
-
- - (Integer overflow in oci_bind_array_by_name).
-
-- Opcache:
-
- - (Opcache overwrites argument of GENERATOR_RETURN within finally).
-
-- PDO:
-
- - (PDOStatement::debugDumpParams() truncates query).
-
-- SPL:
-
- - (PHP freezes with AppendIterator).
-
-- SQLite3:
-
- - (SQLite3::__construct() produces "out of memory" exception with invalid flags).
-
-- Wddx:
-
- - (huge memleak when wddx_unserialize).
- - (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)
-
-- zlib:
-
- - (dictionary option of inflate_init() does not work).
-
-
-
-
Version 7.1.7
@@ -3646,90 +3234,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-
-Version 7.0.21
-
-- Core:
-
- - (Multiple [PATH=] and [HOST=] sections not properly parsed).
- - (Undefined constants in array properties result in broken properties).
- - Fixed misparsing of abstract unix domain socket names.
- - (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)
- - (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)
- - (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)
- - (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)
-
-- DOM:
-
- - (References to deleted XPath query results).
-
-- GD:
-
- - (Buffer over-read into uninitialized memory). (CVE-2017-7890)
-
-- Intl:
-
- - (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)
- - (Wrong reflection on Collator::getSortKey and collator_get_sort_key).
- - (grapheme_strpos illegal memory access).
-
-- Mbstring:
-
- - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
-
-- OCI8:
-
- - Add TAF callback (PR #2459).
-
-- Opcache:
-
- - (Segfault with opcache.memory_protect and validate_timestamp).
-
-- OpenSSL:
-
- - (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)
-
-- PCRE:
-
- - (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
-
-- PDO_OCI:
-
- - Support Instant Client 12.2 in --with-pdo-oci configure option.
-
-- Reflection:
-
- - (Segfault when cast Reflection object to string with undefined constant).
-
-- SPL:
-
- - (null coalescing operator failing with SplFixedArray).
-
-- Standard:
-
- - (Invalid Reflection signatures for random_bytes and random_int).
- - (Heap buffer overflow in substr).
-
-- FTP:
-
- - (ftp:// wrapper ignores context arg).
-
-- PHAR:
-
- - (Phar::__construct reflection incorrect).
-
-- SOAP:
-
- - (Incorrect conversion array with WSDL_CACHE_MEMORY).
-
-- Streams:
-
- - (stream_socket_get_name() returns '\0').
-
-
-
-
Version 7.1.6
@@ -3770,42 +3274,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-
-Version 7.0.20
-
-- Core:
-
- - (crash (SIGSEGV) in _zend_hash_add_or_update_i).
- - (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).
-
-- intl:
-
- - (wrong reflection on Collator::sortWithSortKeys).
-
-- MySQLi:
-
- - (mysqli::change_user() doesn't accept null as $database argument w/strict_types).
-
-- Opcache:
-
- - (SIGSEGV with opcache.revalidate_path enabled).
-
-- phar:
-
- - (Phar::webPhar() does not handle requests sent through PUT and DELETE method).
-
-- Standard:
-
- - (win32/sendmail.c anchors CC header but not BCC).
-
-- xmlreader:
-
- - (Wrong reflection on XMLReader::expand).
-
-
-
-
Version 7.1.5
@@ -3879,75 +3347,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.19
-
-- Core:
-
- - (Null coalescing operator fails for undeclared static class properties).
- - (Endless loop bypassing execution time limit).
- - (stream_select() is broken on Windows Nanoserver).
- - (php-cgi.exe crash on facebook callback).
- - Patch for bug was reverted.
-
-- Date:
-
- - (Wrong reflection on DateTimeZone::getTransitions).
- - (add constant for RFC7231 format datetime).
-
-- DOM:
-
- - (Wrong reflection on DOMNode::cloneNode).
-
-- Fileinfo:
-
- - (syntax error compile error in libmagic/apprentice.c).
-
-- GD:
-
- - (compile fails on solaris 11 with system gd2 library).
-
-- intl:
-
- - (wrong reflection for Normalizer methods).
- - (wrong reflection for Locale methods).
-
-- MySQLi:
-
- - (mysqli_connect adding ":3306" to $host if $port parameter not given).
-
-- MySQLnd:
-
- - Added support for MySQL 8.0 types.
- - (Invalid free of persistent results on error/connection loss).
-
-- OpenSSL:
-
- - (null character not allowed in openssl_pkey_get_private).
- - (Segfault in openssl_pkey_new when generating DSA or DH key).
- - (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).
- - Added OpenSSL 1.1.0 support.
-
-- phar:
-
- - (phar method parameters reflection correction).
-
-- Standard:
-
- - (Reflection information for ini_get_all() is incomplete).
- - (setcookie allows max-age to be negative).
-
-- Streams:
-
- - (Remote socket URI with unique persistence identifier broken).
-
-- SQLite3:
-
- - (incorrect reflection for SQLite3::enableExceptions).
-
-
-
-
Version 7.1.4
@@ -4007,51 +3406,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.18
-
-- Core:
-
- - (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).
- - (Leak with instance method calling static method with referenced return).
- - (Build problems after 7.0.17 release: undefined reference to `isfinite').
- - (yield fromLABEL is over-greedy).
-
-- Apache:
-
- - Reverted patch for bug #61471, fixes bug #74318.
-
-- Date:
-
- - (Swatch time value incorrect for dates before 1970).
-
-- DOM:
-
- - (LIBXML_NOWARNING flag ingnored on loadHTML*).
-
-- iconv:
-
- - (iconv fails to fail on surrogates).
-
-- OpenSSL:
-
- - (fwrite() on non-blocking SSL sockets doesn't work).
-
-- PDO MySQL:
-
- - (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).
-
-- Streams:
-
- - (Correctly fail on invalid IP address ports).
-
-- Zlib:
-
- - (deflate_add can allocate too much memory).
-
-
-
-
Version 7.1.3
@@ -4115,73 +3469,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-
-Version 7.0.17
-
-- Core:
-
- - (PHP 7.1 Segfaults within Symfony test suite).
- - (Out of bound read - zend_mm_alloc_small).
- - (Performance problem with processing large post request). (CVE-2017-11142)
- - (array_key_exists fails on arrays created by get_object_vars).
- - (NAN check fails on Alpine Linux with musl).
- - (is_infinite(-INF) returns false).
- - (Generating phar.phar core dump with gcc ASAN enabled build).
-
-- Apache:
-
- - (Incomplete POST does not timeout but is passed to PHP).
-
-- Date:
-
- - (Relative datetime format ignores weekday on sundays only).
- - (DateTime wrong when date string is negative).
- - (wrong timestamp when call setTimeZone multi times with UTC offset).
- - (first/last day of' flag is not being reset).
- - ($date->modify('Friday this week') doesn't return a Friday if $date is a Sunday).
- - (wrong day when using "this week" in strtotime).
-
-- FPM:
-
- - (php-fpm process accounting is broken with keepalive).
-
-- Hash:
-
- - (gost-crypto hash incorrect if input data contains long 0xFF sequence).
-
-- GD:
-
- - (ReflectionFunction for imagepng is missing last two parameters).
-
-- Mysqlnd:
-
- - (fetch_array broken data. Data more then MEDIUMBLOB).
-
-- Opcache:
-
- - (if statement says true to a null variable).
- - (Segfault with list).
-
-- OpenSSL:
-
- - (PHP Fast CGI crashes when reading from a pfx file).
-
-- Standard:
-
- - (ReflectionFunction incorrectly reports the number of arguments).
- - (mail.add_x_header causes RFC-breaking lone line feed).
- - (is_callable callable name reports misleading value for anonymous classes).
- - (PHP on Linux should use /dev/urandom when getrandom is not available).
-
-- Streams:
-
- - (Invalid memory access in zend_inline_hash_func).
- - (stream_get_contents maxlength>-1 returns empty string).
-
-
-
-
Version 7.1.2
@@ -4291,193 +3578,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.16
-
-- Core:
-
- - (zend_print_flat_zval_r doesn't consider reference).
- - (Crash when exporting **= in expansion of assign op).
- - (segfault in debug_print_backtrace).
- - (assertion error in debug_zval_dump).
-
-- DOM:
-
- - (getAttributeNodeNS doesn't get xmlns* attributes).
-
-- DTrace:
-
- - (DTrace reported as enabled when disabled).
-
-- FPM:
-
- - (double fastcgi_end_request on max_children limit).
- - (php-fpm does not close stderr when using syslog).
-
-- GD:
-
- - (Premature failing of XBM reading).
-
-- GMP:
-
- - (test for gmp.h needs to test machine includes).
-
-- Intl:
-
-- (Link use CC instead of CXX).
-
-- LDAP:
-
- - (error/segfault with ldap_mod_replace and opcache).
-
-- MySQLi:
-
- - (leak in mysqli_fetch_object).
-
-- Mysqlnd:
-
- - (segfault on close() after free_result() with mysqlnd).
-
-- Opcache:
-
- - (crash on finish work with phar in cli + opcache).
-
-- OpenSSL:
-
- - (add serial hex to return value array).
-
-- PDO_Firebird:
-
- - Implemented FR (All data are fetched as strings).
-
-- PDO_PgSQL:
-
- - (lastInsertId fails to throw an exception for wrong sequence name).
-
-- Phar:
-
- - (PharData::compress() doesn't close temp file).
-
-- posix:
-
- - (configure script incorrectly checks for ttyname_r).
-
-- Session:
-
- - (session not readable by root in CLI).
-
-- SPL:
-
- - (spl_autoload() crashes when calls magic _call()).
-
-- Standard:
-
- - (closing of fd incorrect when PTS enabled).
- - (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
- - (imap is undefined service on AIX).
- - (money_format stores wrong length AIX).
-
-- ZIP:
-
- - (ZipArchive::addGlob ignores remove_all_path option).
-
-
-
-
-
-Version 7.0.15
-
-- Core:
-
- - (invalid foreach loop hangs script).
- - ("Invalid opcode 65/16/8" occurs with a variable created with list()).
- - (Logging of "Internal Zend error - Missing class information" missing class name).
- - (unserialized array pointer not advancing).
- - (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)
- - (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)
- - (Use of uninitialized memory in unserialize()). (CVE-2017-5340)
- - (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)
- - (Use After Free in unserialize()).
- - (Type Confusion in Object Deserialization).
-
-- COM:
-
- - (DOTNET read access violation using invalid codepage).
-
-- DOM:
-
- - (getElementsByTagNameNS filter on default ns).
-
-- EXIF:
-
-- (FPE when parsing a tag format). (CVE-2016-10158)
-
-- GD:
-
- - (Signed Integer Overflow gd_io.c). (CVE-2016-10168)
- - (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)
-
-- GMP:
-
- - (GMP Deserialization Type Confusion Vulnerability).
-
-- Mysqli:
-
- - (Persistent connections don't set $connect_errno).
-
-- Mysqlnd:
-
- - Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem.
- - (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
-
-- PCRE:
-
- - (preg_*() may leak memory).
-
-- PDO_Firebird:
-
- - (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).
-
-- Phar:
-
- - (Seg fault when loading hostile phar). (CVE-2017-11147)
- - (Memory corruption when loading hostile phar). (CVE-2016-10160)
- - (Crash while loading hostile phar archive). (CVE-2016-10159)
-
-- Phpdbg:
-
- - (phpdbg without option never load .phpdbginit at startup).
- - Fixed issue getting executable lines from custom wrappers.
- - (phpdbg shows the wrong line in files with shebang).
-
-- Reflection:
-
- - (ReflectionObject memory leak).
-
-- Streams:
-
- - (php_user_filter::$stream is not set to the stream the filter is working on).
-
-- SQLite3:
-
-- Reverted fix for (Unsetting result set may reset other result set).
-
-- Standard:
-
- - (dns_get_record does not populate $additional out parameter).
- - (Unserialize context shared on double class lookup).
- - (serialize object with __sleep function crash).
- - (get_browser function is very slow).
- - (Loading browscap.ini at startup causes high memory usage).
- - (get_defined_functions additional param to exclude disabled functions).
-
-- Zlib:
-
- - (deflate_add does not verify that output was not truncated).
-
-
-
-
Version 7.1.1
@@ -4603,90 +3703,6 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
-
-Version 7.0.14
-
-- Core:
-
- - Fixed memory leak(null coalescing operator with Spl hash).
- - (Slow performance when fetching large dataset with mysqli / PDO).
- - (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)
-
-- Calendar:
-
- - (Fix integer overflows).
-
-- Date:
-
- - (DateInterval properties and isset).
-
-- DTrace:
-
- - Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
-
-- JSON:
-
- - (php_json_encode depth issue).
-
-- Mysqlnd:
-
- - (Add missing mysqlnd.* parameters to php.ini-*).
-
-- ODBC:
-
- - (odbc_errormsg returns trash, always 513 bytes).
-
-- Opcache:
-
- - (check cached files permissions).
- - (Logging for opcache has an empty file name).
-
-- PCRE:
-
- - (Segmentation fault on pcre_replace_callback).
- - (A use-after-free in zend allocator management).
-
-- PDO_Firebird:
-
- - , , (Memory corruption in bindParam).
-
-- Phar:
-
- - (Phar::isValidPharFilename illegal memory access).
-
-- Postgres:
-
- - (Incorrect SQL generated for pg_copy_to()).
-
-- Soap:
-
- - (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).
- - (Segfault (Regression for )).
-
-- SPL:
-
- - (Reproducible crash with GDB backtrace).
-
-- SQLite3:
-
- - (Unsetting result set may reset other result set).
-
-- Standard:
-
- - (HTTP stream wrapper should ignore HTTP 100 Continue).
- - (version_compare illegal write access).
-
-- Wddx:
-
- - (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)
-
-- XML:
-
- - (malformed XML causes fault).
-
-
-
-
Version 7.1.0
@@ -5258,6 +4274,998 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
+
+
+Version 7.0.33
+
+- Core:
+
+ - (Segfault when using convert.quoted-printable-encode filter).
+
+- IMAP:
+
+ - (null pointer dereference in imap_mail).
+ - (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
+
+- Phar:
+
+ - (PharData always creates new files with mode 0666).
+ - (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
+
+
+
+
+
+
+Version 7.0.32
+
+- Apache2:
+
+ - (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)
+
+
+
+
+
+Version 7.0.31
+
+- Exif:
+
+ - (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
+ - (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
+
+- Win32:
+
+ - (windows linkinfo lacks openbasedir check). (CVE-2018-15132)
+
+
+
+
+
+
+Version 7.0.30
+
+- Exif:
+
+ - (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
+
+- iconv:
+
+ - (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
+
+- LDAP:
+
+ - (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
+
+- Phar:
+
+ - (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
+
+
+
+
+
+Version 7.0.29
+
+- FPM:
+
+ - (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
+
+
+
+
+
+
+Version 7.0.28
+
+- Standard:
+
+ - (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
+
+
+
+
+
+Version 7.0.27
+
+- CLI Server:
+
+ - (Random "Invalid request (unexpected EOF)" using a router script).
+
+- Core:
+
+ - (PHP seems incompatible with OneDrive files on demand).
+ - (Segmentation fault in 7.1.12 and 7.0.26).
+
+- FPM:
+
+ - (libxml_disable_entity_loader setting is shared between requests).
+
+- GD:
+
+ - (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
+
+- Opcache:
+
+ - (Interned strings buffer overflow may cause crash).
+
+- PCRE:
+
+ - (preg_last_error not returning error code after error).
+
+- Phar:
+
+ - (Reflected XSS in .phar 404 page). (CVE-2018-5712)
+
+- Standard:
+
+ - (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)
+ - (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
+
+- Zip:
+
+ - (Segfault with libzip 1.3.1).
+
+
+
+
+
+
+Version 7.0.26
+
+- Core:
+
+ - (Crash when modifing property name in __isset for BP_VAR_IS).
+ - (mmap/munmap trashing on unlucky allocations).
+
+- CLI:
+
+ - (Builtin webserver crash after chdir in a shutdown function).
+
+- Enchant:
+
+ - (enchant_broker_get_path crashes if no path is set).
+ - (Enchant still reports version 1.1.0).
+
+- Exif:
+
+ - (Exif extension has built in revision version).
+
+- GD:
+
+ - (imagerotate may alter image dimensions).
+ - (Wrong reflection on imagewebp).
+
+- intl:
+
+ - (UConverter::setDestinationEncoding changes source instead of destination).
+
+- interbase:
+
+ - (Incorrect reflection for ibase_[p]connect).
+
+- Mysqli:
+
+ - (Wrong reflection for mysqli_fetch_all function).
+
+- OCI8:
+
+ - Fixed valgrind issue.
+
+- Opcache:
+
+ - (Warning Internal error: wrong size calculation).
+
+- OpenSSL:
+
+ - (openssl_x509_parse leaks memory).
+ - (Wrong reflection for openssl_open function).
+
+- PGSQL:
+
+ - (Default link incorrectly cleared/linked by pg_close()).
+
+- SOAP:
+
+ - (Wrong reflection on SoapClient::__setSoapHeaders).
+
+- Zlib:
+
+ - (Wrong reflection on inflate_init and inflate_add).
+
+
+
+
+
+Version 7.0.25
+
+- Core:
+
+ - (Null pointer dereference in zend_mm_alloc_small()).
+ - (infinite loop when printing an error-message).
+ - (Incorrect token formatting on two parse errors in one request).
+ - (Segfault when calling is_callable on parent).
+ - (debug info of Closures of internal functions contain garbage argument names).
+
+- Apache2Handler:
+
+ - (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).
+
+- Date:
+
+ - (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
+
+- Intl:
+
+ - (The parameter of UConverter::getAliases() is not optional).
+
+- mcrypt:
+
+ - (arcfour encryption stream filter crashes php).
+
+- OCI8:
+
+ - Fixed incorrect reference counting.
+
+- PCRE:
+
+ - (applied upstream patch for CVE-2016-1283).
+
+- litespeed:
+
+ - (Binary directory doesn't get created when building only litespeed SAPI).
+ - (Missing program prefix and suffix).
+
+- SPL:
+
+ - (SplDoublyLinkedList::setIteratorMode masks intern flags).
+
+
+
+
+
+Version 7.0.24
+
+- Core:
+
+ - (run-tests.php issues with EXTENSION block).
+
+- BCMath:
+
+ - (bcpowmod() fails if scale != 0).
+ - (BC math handles minus zero incorrectly).
+ - (bcpowmod() may return 1 if modulus is 1).
+ - (bcpowmod() misbehaves for non-integer base or modulus).
+
+- CLI server:
+
+ - (Built-in server truncates headers spanning over TCP packets).
+
+- CURL:
+
+ - (OpenSSL support not detected).
+
+- GD:
+
+ - (gdImageGrayScale() may produce colors).
+ - (libgd/gd_interpolation.c:1786: suspicious if ?).
+
+- Gettext:
+
+ - (textdomain(null) throws in strict mode).
+
+- Intl:
+
+ - (IntlGregorianCalendar doesn't have constants from parent class).
+
+- PDO_OCI:
+
+ - (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
+
+- SPL:
+
+ - (incorrect behavior of AppendIterator::append in foreach loop).
+
+- Standard:
+
+ - (gethostname fails if your host name is 64 chars long).
+
+
+
+
+
+Version 7.0.23
+
+- Core:
+
+ - (Segfault in scanner on INF number).
+ - (null deref and segfault in zend_generator_resume()).
+ - (html_errors=1 breaks unhandled exceptions).
+ - (NAN comparison).
+
+- cURL:
+
+ - (Fixed finding CURL on systems with multiarch support).
+
+- Date:
+
+- (Null Pointer Dereference in timelib_time_clone).
+
+- Intl:
+
+ - (Wrong reflection on some locale_* functions).
+
+- Mbstring:
+
+ - (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
+ - (mb_convert_kana() does not convert iteration marks).
+ - (Wrong reflection on mb_eregi_replace).
+
+- MySQLi:
+
+ - (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
+
+- OCI8:
+
+ - Expose oci_unregister_taf_callback() (Tianfang Yang)
+
+- phar:
+
+ - (include_path has a 4096 char limit in some cases).
+
+- Reflection:
+
+ - (null pointer dereference in _function_string).
+
+- Session:
+
+ - (SID constant created with wrong module number).
+
+- SimpleXML:
+
+ - (nullpointer deref in simplexml_element_getDocNamespaces).
+
+- SPL:
+
+ - (spl_autoload_unregister can't handle spl_autoload_functions results).
+ - (Unserialize ArrayIterator broken).
+ - (Crash in recursive iterator destructors).
+
+- Standard:
+
+ - (unpack with X* causes infinity loop).
+ - (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)
+ - (A Denial of Service Vulnerability was found when performing deserialization).
+
+- WDDX:
+
+ - (WDDX uses wrong decimal seperator).
+
+- XMLRPC:
+
+ - (Incorrect xmlrpc serialization for classes with declared properties).
+
+
+
+
+
+Version 7.0.22
+
+- Core:
+
+ - (Loading PHP extension with already registered function name leads to a crash).
+ - (parse_url() borken when query string contains colon).
+ - (Unary operator expected error on some systems).
+ - (Use After Free in unserialize() SplFixedArray).
+ - (fixed incorrect poll.h include).
+ - (fixed incorrect errno.h include).
+
+- Date:
+
+ - (property_exists returns true on unknown DateInterval property).
+
+- OCI8:
+
+ - (Integer overflow in oci_bind_array_by_name).
+
+- Opcache:
+
+ - (Opcache overwrites argument of GENERATOR_RETURN within finally).
+
+- PDO:
+
+ - (PDOStatement::debugDumpParams() truncates query).
+
+- SPL:
+
+ - (PHP freezes with AppendIterator).
+
+- SQLite3:
+
+ - (SQLite3::__construct() produces "out of memory" exception with invalid flags).
+
+- Wddx:
+
+ - (huge memleak when wddx_unserialize).
+ - (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)
+
+- zlib:
+
+ - (dictionary option of inflate_init() does not work).
+
+
+
+
+
+Version 7.0.21
+
+- Core:
+
+ - (Multiple [PATH=] and [HOST=] sections not properly parsed).
+ - (Undefined constants in array properties result in broken properties).
+ - Fixed misparsing of abstract unix domain socket names.
+ - (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)
+ - (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)
+ - (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)
+ - (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)
+
+- DOM:
+
+ - (References to deleted XPath query results).
+
+- GD:
+
+ - (Buffer over-read into uninitialized memory). (CVE-2017-7890)
+
+- Intl:
+
+ - (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)
+ - (Wrong reflection on Collator::getSortKey and collator_get_sort_key).
+ - (grapheme_strpos illegal memory access).
+
+- Mbstring:
+
+ - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
+
+- OCI8:
+
+ - Add TAF callback (PR #2459).
+
+- Opcache:
+
+ - (Segfault with opcache.memory_protect and validate_timestamp).
+
+- OpenSSL:
+
+ - (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)
+
+- PCRE:
+
+ - (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
+
+- PDO_OCI:
+
+ - Support Instant Client 12.2 in --with-pdo-oci configure option.
+
+- Reflection:
+
+ - (Segfault when cast Reflection object to string with undefined constant).
+
+- SPL:
+
+ - (null coalescing operator failing with SplFixedArray).
+
+- Standard:
+
+ - (Invalid Reflection signatures for random_bytes and random_int).
+ - (Heap buffer overflow in substr).
+
+- FTP:
+
+ - (ftp:// wrapper ignores context arg).
+
+- PHAR:
+
+ - (Phar::__construct reflection incorrect).
+
+- SOAP:
+
+ - (Incorrect conversion array with WSDL_CACHE_MEMORY).
+
+- Streams:
+
+ - (stream_socket_get_name() returns '\0').
+
+
+
+
+
+
+Version 7.0.20
+
+- Core:
+
+ - (crash (SIGSEGV) in _zend_hash_add_or_update_i).
+ - (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).
+
+- intl:
+
+ - (wrong reflection on Collator::sortWithSortKeys).
+
+- MySQLi:
+
+ - (mysqli::change_user() doesn't accept null as $database argument w/strict_types).
+
+- Opcache:
+
+ - (SIGSEGV with opcache.revalidate_path enabled).
+
+- phar:
+
+ - (Phar::webPhar() does not handle requests sent through PUT and DELETE method).
+
+- Standard:
+
+ - (win32/sendmail.c anchors CC header but not BCC).
+
+- xmlreader:
+
+ - (Wrong reflection on XMLReader::expand).
+
+
+
+
+
+Version 7.0.19
+
+- Core:
+
+ - (Null coalescing operator fails for undeclared static class properties).
+ - (Endless loop bypassing execution time limit).
+ - (stream_select() is broken on Windows Nanoserver).
+ - (php-cgi.exe crash on facebook callback).
+ - Patch for bug was reverted.
+
+- Date:
+
+ - (Wrong reflection on DateTimeZone::getTransitions).
+ - (add constant for RFC7231 format datetime).
+
+- DOM:
+
+ - (Wrong reflection on DOMNode::cloneNode).
+
+- Fileinfo:
+
+ - (syntax error compile error in libmagic/apprentice.c).
+
+- GD:
+
+ - (compile fails on solaris 11 with system gd2 library).
+
+- intl:
+
+ - (wrong reflection for Normalizer methods).
+ - (wrong reflection for Locale methods).
+
+- MySQLi:
+
+ - (mysqli_connect adding ":3306" to $host if $port parameter not given).
+
+- MySQLnd:
+
+ - Added support for MySQL 8.0 types.
+ - (Invalid free of persistent results on error/connection loss).
+
+- OpenSSL:
+
+ - (null character not allowed in openssl_pkey_get_private).
+ - (Segfault in openssl_pkey_new when generating DSA or DH key).
+ - (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).
+ - Added OpenSSL 1.1.0 support.
+
+- phar:
+
+ - (phar method parameters reflection correction).
+
+- Standard:
+
+ - (Reflection information for ini_get_all() is incomplete).
+ - (setcookie allows max-age to be negative).
+
+- Streams:
+
+ - (Remote socket URI with unique persistence identifier broken).
+
+- SQLite3:
+
+ - (incorrect reflection for SQLite3::enableExceptions).
+
+
+
+
+
+Version 7.0.18
+
+- Core:
+
+ - (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).
+ - (Leak with instance method calling static method with referenced return).
+ - (Build problems after 7.0.17 release: undefined reference to `isfinite').
+ - (yield fromLABEL is over-greedy).
+
+- Apache:
+
+ - Reverted patch for bug #61471, fixes bug #74318.
+
+- Date:
+
+ - (Swatch time value incorrect for dates before 1970).
+
+- DOM:
+
+ - (LIBXML_NOWARNING flag ingnored on loadHTML*).
+
+- iconv:
+
+ - (iconv fails to fail on surrogates).
+
+- OpenSSL:
+
+ - (fwrite() on non-blocking SSL sockets doesn't work).
+
+- PDO MySQL:
+
+ - (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).
+
+- Streams:
+
+ - (Correctly fail on invalid IP address ports).
+
+- Zlib:
+
+ - (deflate_add can allocate too much memory).
+
+
+
+
+
+Version 7.0.17
+
+- Core:
+
+ - (PHP 7.1 Segfaults within Symfony test suite).
+ - (Out of bound read - zend_mm_alloc_small).
+ - (Performance problem with processing large post request). (CVE-2017-11142)
+ - (array_key_exists fails on arrays created by get_object_vars).
+ - (NAN check fails on Alpine Linux with musl).
+ - (is_infinite(-INF) returns false).
+ - (Generating phar.phar core dump with gcc ASAN enabled build).
+
+- Apache:
+
+ - (Incomplete POST does not timeout but is passed to PHP).
+
+- Date:
+
+ - (Relative datetime format ignores weekday on sundays only).
+ - (DateTime wrong when date string is negative).
+ - (wrong timestamp when call setTimeZone multi times with UTC offset).
+ - (first/last day of' flag is not being reset).
+ - ($date->modify('Friday this week') doesn't return a Friday if $date is a Sunday).
+ - (wrong day when using "this week" in strtotime).
+
+- FPM:
+
+ - (php-fpm process accounting is broken with keepalive).
+
+- Hash:
+
+ - (gost-crypto hash incorrect if input data contains long 0xFF sequence).
+
+- GD:
+
+ - (ReflectionFunction for imagepng is missing last two parameters).
+
+- Mysqlnd:
+
+ - (fetch_array broken data. Data more then MEDIUMBLOB).
+
+- Opcache:
+
+ - (if statement says true to a null variable).
+ - (Segfault with list).
+
+- OpenSSL:
+
+ - (PHP Fast CGI crashes when reading from a pfx file).
+
+- Standard:
+
+ - (ReflectionFunction incorrectly reports the number of arguments).
+ - (mail.add_x_header causes RFC-breaking lone line feed).
+ - (is_callable callable name reports misleading value for anonymous classes).
+ - (PHP on Linux should use /dev/urandom when getrandom is not available).
+
+- Streams:
+
+ - (Invalid memory access in zend_inline_hash_func).
+ - (stream_get_contents maxlength>-1 returns empty string).
+
+
+
+
+
+Version 7.0.16
+
+- Core:
+
+ - (zend_print_flat_zval_r doesn't consider reference).
+ - (Crash when exporting **= in expansion of assign op).
+ - (segfault in debug_print_backtrace).
+ - (assertion error in debug_zval_dump).
+
+- DOM:
+
+ - (getAttributeNodeNS doesn't get xmlns* attributes).
+
+- DTrace:
+
+ - (DTrace reported as enabled when disabled).
+
+- FPM:
+
+ - (double fastcgi_end_request on max_children limit).
+ - (php-fpm does not close stderr when using syslog).
+
+- GD:
+
+ - (Premature failing of XBM reading).
+
+- GMP:
+
+ - (test for gmp.h needs to test machine includes).
+
+- Intl:
+
+- (Link use CC instead of CXX).
+
+- LDAP:
+
+ - (error/segfault with ldap_mod_replace and opcache).
+
+- MySQLi:
+
+ - (leak in mysqli_fetch_object).
+
+- Mysqlnd:
+
+ - (segfault on close() after free_result() with mysqlnd).
+
+- Opcache:
+
+ - (crash on finish work with phar in cli + opcache).
+
+- OpenSSL:
+
+ - (add serial hex to return value array).
+
+- PDO_Firebird:
+
+ - Implemented FR (All data are fetched as strings).
+
+- PDO_PgSQL:
+
+ - (lastInsertId fails to throw an exception for wrong sequence name).
+
+- Phar:
+
+ - (PharData::compress() doesn't close temp file).
+
+- posix:
+
+ - (configure script incorrectly checks for ttyname_r).
+
+- Session:
+
+ - (session not readable by root in CLI).
+
+- SPL:
+
+ - (spl_autoload() crashes when calls magic _call()).
+
+- Standard:
+
+ - (closing of fd incorrect when PTS enabled).
+ - (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
+ - (imap is undefined service on AIX).
+ - (money_format stores wrong length AIX).
+
+- ZIP:
+
+ - (ZipArchive::addGlob ignores remove_all_path option).
+
+
+
+
+
+Version 7.0.15
+
+- Core:
+
+ - (invalid foreach loop hangs script).
+ - ("Invalid opcode 65/16/8" occurs with a variable created with list()).
+ - (Logging of "Internal Zend error - Missing class information" missing class name).
+ - (unserialized array pointer not advancing).
+ - (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)
+ - (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)
+ - (Use of uninitialized memory in unserialize()). (CVE-2017-5340)
+ - (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)
+ - (Use After Free in unserialize()).
+ - (Type Confusion in Object Deserialization).
+
+- COM:
+
+ - (DOTNET read access violation using invalid codepage).
+
+- DOM:
+
+ - (getElementsByTagNameNS filter on default ns).
+
+- EXIF:
+
+- (FPE when parsing a tag format). (CVE-2016-10158)
+
+- GD:
+
+ - (Signed Integer Overflow gd_io.c). (CVE-2016-10168)
+ - (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)
+
+- GMP:
+
+ - (GMP Deserialization Type Confusion Vulnerability).
+
+- Mysqli:
+
+ - (Persistent connections don't set $connect_errno).
+
+- Mysqlnd:
+
+ - Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem.
+ - (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
+
+- PCRE:
+
+ - (preg_*() may leak memory).
+
+- PDO_Firebird:
+
+ - (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).
+
+- Phar:
+
+ - (Seg fault when loading hostile phar). (CVE-2017-11147)
+ - (Memory corruption when loading hostile phar). (CVE-2016-10160)
+ - (Crash while loading hostile phar archive). (CVE-2016-10159)
+
+- Phpdbg:
+
+ - (phpdbg without option never load .phpdbginit at startup).
+ - Fixed issue getting executable lines from custom wrappers.
+ - (phpdbg shows the wrong line in files with shebang).
+
+- Reflection:
+
+ - (ReflectionObject memory leak).
+
+- Streams:
+
+ - (php_user_filter::$stream is not set to the stream the filter is working on).
+
+- SQLite3:
+
+- Reverted fix for (Unsetting result set may reset other result set).
+
+- Standard:
+
+ - (dns_get_record does not populate $additional out parameter).
+ - (Unserialize context shared on double class lookup).
+ - (serialize object with __sleep function crash).
+ - (get_browser function is very slow).
+ - (Loading browscap.ini at startup causes high memory usage).
+ - (get_defined_functions additional param to exclude disabled functions).
+
+- Zlib:
+
+ - (deflate_add does not verify that output was not truncated).
+
+
+
+
+
+Version 7.0.14
+
+- Core:
+
+ - Fixed memory leak(null coalescing operator with Spl hash).
+ - (Slow performance when fetching large dataset with mysqli / PDO).
+ - (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)
+
+- Calendar:
+
+ - (Fix integer overflows).
+
+- Date:
+
+ - (DateInterval properties and isset).
+
+- DTrace:
+
+ - Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
+
+- JSON:
+
+ - (php_json_encode depth issue).
+
+- Mysqlnd:
+
+ - (Add missing mysqlnd.* parameters to php.ini-*).
+
+- ODBC:
+
+ - (odbc_errormsg returns trash, always 513 bytes).
+
+- Opcache:
+
+ - (check cached files permissions).
+ - (Logging for opcache has an empty file name).
+
+- PCRE:
+
+ - (Segmentation fault on pcre_replace_callback).
+ - (A use-after-free in zend allocator management).
+
+- PDO_Firebird:
+
+ - , , (Memory corruption in bindParam).
+
+- Phar:
+
+ - (Phar::isValidPharFilename illegal memory access).
+
+- Postgres:
+
+ - (Incorrect SQL generated for pg_copy_to()).
+
+- Soap:
+
+ - (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).
+ - (Segfault (Regression for )).
+
+- SPL:
+
+ - (Reproducible crash with GDB backtrace).
+
+- SQLite3:
+
+ - (Unsetting result set may reset other result set).
+
+- Standard:
+
+ - (HTTP stream wrapper should ignore HTTP 100 Continue).
+ - (version_compare illegal write access).
+
+- Wddx:
+
+ - (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)
+
+- XML:
+
+ - (malformed XML causes fault).
+
+
+
+