: Log in!

メインメニュー
Google


ウェブ 検索
サイト内検索
トップ  >  Linux16歩  >  2016-08-20 php-5.6.25にupdate
20160820 php-5.6.25にupdateしました


NEWS

18 Aug 2016, PHP 5.6.25

- Bz2:
 . Fixed bug #72837 (integer overflow in bzdecompress caused heap
   corruption). (Stas)

- Core:
 . Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
   (Taoguang Chen)
 . Fixed bug #72024 (microtime() leaks memory). 
   (maroszek at gmx dot net)
 . Fixed bug #72581 (previous property undefined in Exception after
   deserialization). (Laruence)
 . Implemented FR #72614 (Support "nmake test" on building extensions 
   by phpize). (Yuji Uchiyama)
 . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
   (Yuji Uchiyama)
 . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
   __wakeup() in Deserialization). (Stas)
 . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)

- Calendar:
 . Fixed bug #67976 (cal_days_month() fails for final month of 
   the French calendar). (cmb)
 . Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
   zif_cal_from_jd). (cmb)

- Curl:
 . Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
   (maroszek at gmx dot net)
 . Fixed bug #71929 (Certification information (CERTINFO) 
   data parsing error). (Pierrick)
 . Fixed bug #72807 (integer overflow in curl_escape caused heap
   corruption). (Stas)

- DOM:
 . Fixed bug #66502 (DOM document dangling reference). 
   (Sean Heelan, cmb)

- Ereg:
 . Fixed bug #72838 (Integer overflow lead to heap corruption in
   sql_regcase). (Stas)

- EXIF:
 . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). 
   (Stas)
 . Fixed bug #72735 (Samsung picture thumb not read (zero size)). 
   (Kalle, Remi)

- Filter:
 . Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 
   127.0.0.0/8 range). (bugs dot php dot net at majkl578 dot cz)

- FPM:
 . Fixed bug #72575 (using --allow-to-run-as-root should ignore 
   missing user). (gooh)

- GD:
 . Fixed bug #43828 (broken transparency of imagearc for truecolor in
   blendingmode). (cmb)
 . Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c).
   (cmb)
 . Fixed bug #68712 (suspicious if-else statements). (cmb)
 . Fixed bug #70315 (500 Server Error but page is fully rendered). 
   (cmb)
 . Fixed bug #72596 (imagetypes function won't advertise WEBP support).
   (cmb)
 . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
 . Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
 . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles)
   (cmb)
 . Fixed bug #72730 (imagegammacorrect allows arbitrary write access).
   (Stas)

- Intl:
 . Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for 
   long domain names). (cmb)

- mbstring:
 . Fixed bug #72691 (mb_ereg_search raises a warning if 
   a match zero-width). (cmb)
 . Fixed bug #72693 (mb_ereg_search increments search position when 
   a match zero-width). (cmb)
 . Fixed bug #72694 (mb_ereg_search_setpos does not accept 
   a string's last position). (cmb)
 . Fixed bug #72710 (`mb_ereg` causes buffer overflow on 
   regexp compile error). (ju1ius)

- PCRE:
 . Fixed bug #72688 (preg_match missing group names in matches). (cmb)

- PDO_pgsql:
 . Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)

- Reflection:
 . Fixed bug #72222 (ReflectionClass::export doesn't handle array 
   constants). (Nikita Nefedov)

- SNMP:
 . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
   allocation). (djodjo at gmail dot com)

- Standard:
 . Fixed bug #72330 (CSV fields incorrectly split if escape char 
   followed by UTF chars). (cmb)
 . Fixed bug #72836 (integer overflow in base64_decode). (Stas)
 . Fixed bug #72848 (integer overflow in quoted_printable_encode). 
   (Stas)
 . Fixed bug #72849 (integer overflow in urlencode). (Stas)
 . Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
 . Fixed bug #72716 (initialize buffer before read). (Stas)

- Streams:
 . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
 . Fixed bug #54431 (opendir() does not work with ftps:// wrapper).
   (vhuk)
 . Fixed bug #72667 (opendir() with ftp:// attempts to open 
   data stream for non-existent directories). (vhuk)
 . Fixed bug #72764 (ftps:// opendir wrapper data channel encryption 
   fails with IIS FTP 7.5, 8.5). (vhuk)
 . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol 
   downgrade attack). (Stas)

- SPL:
 . Fixed bug #72122 (IteratorIterator breaks '@' error suppression). 
   (kinglozzer)
 . Fixed bug #72646 (SplFileObject::getCsvControl does not return 
   the escape character). (cmb)
 . Fixed bug #72684 (AppendIterator segfault with closed generator).
   (Pierrick)

- SQLite3:
 . Implemented FR #72653 (SQLite should allow opening with 
   empty filename). (cmb)

- Wddx:
 . Fixed bug #72142 (WDDX Packet Injection Vulnerability in
   wddx_serialize_value()). (Taoguang Chen)
 . Fixed bug #72749 (wddx_deserialize allows illegal memory access) 
  (Stas)
 . Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
 . Fixed bug #72790 (wddx_deserialize null dereference with 
   invalid xml). (Stas)
 . Fixed bug #72799 (wddx_deserialize null dereference in
   php_wddx_pop_element). (Stas)
投票数:9 平均点:3.33
前
2016-08-11 lynis-2.3.2にupdate
カテゴリートップ
Linux16歩
次
2016-08-21 phpmyadmin-4.6.4にupdate