#
1e2818b1 |
| 12-May-2014 |
Stanislav Malyshev |
Fix bug #67252: convert_uudecode out-of-bounds read
|
#
0a808492 |
| 12-May-2014 |
Stanislav Malyshev |
Fix bug #67251 - date_parse_from_format out-of-bounds read
|
#
3e9cb6a4 |
| 12-May-2014 |
Stanislav Malyshev |
Fix bug #67250 (iptcparse out-of-bounds read)
|
#
2b475eeb |
| 12-May-2014 |
Stanislav Malyshev |
Fix bug #67247 spl_fixedarray_resize integer overflow
|
#
14dd6c2d |
| 12-May-2014 |
Stanislav Malyshev |
fix news
|
#
62b2eb66 |
| 11-May-2014 |
Bob Weinand |
Updated NEWS
|
#
f7cb87f3 |
| 02-May-2014 |
Adam Harvey |
Fix author name on the #63228 patch.
|
#
1c13ad7c |
| 01-May-2014 |
Ferenc Kovacs |
add missing NEWS entry to the correct release where it was added
|
#
35ceea92 |
| 15-Apr-2014 |
Stanislav Malyshev |
Fix bug #67060: use default mode of 660
|
#
2d625b5f |
| 29-Apr-2014 |
Anatol Belski |
Fixed bug #66431 Special Character via COM Interface (CP_UTF8)
|
#
c1aa9baf |
| 25-Apr-2014 |
Anatol Belski |
Fixed bug #67118 DateTime constructor crash with invalid data
|
#
a3288038 |
| 25-Apr-2014 |
Stanislav Malyshev |
Revert "Fixed bug #64604" This reverts commit b05c088a3abf8e4c6fb6e40418423a9e2dd3d929. Breaks parsing urls where query has : in it, like: /foo/bar?baz=goo:boo
|
#
ea4cee93 |
| 13-Feb-2014 |
Danack |
Allow valid multi-byte utf-8 characters to be allowed as file names in phar archives.
|
#
49341e99 |
| 14-Mar-2014 |
Julio Pintos |
Fix #66908: php-fpm reload leaks epoll_create() file descriptor This patch fixes descriptor leak which could lead to DoS once Max open files is reached
|
#
a18cec1b |
| 14-Apr-2014 |
Boro Sitnikovski |
Fix bug #65701: Do not use cache for file file copy
|
#
5328d428 |
| 17-Apr-2014 |
Anatol Belski |
Fixed bug #67072 Echoing unserialized "SplFileObject" crash The actual issue lays in the unserializer code which doesn't honor the unserialize callback. By contrast, the serialize callba
Fixed bug #67072 Echoing unserialized "SplFileObject" crash The actual issue lays in the unserializer code which doesn't honor the unserialize callback. By contrast, the serialize callback is respected. This leads to the situation that even if a class has disabled the serialization explicitly, user could still construct a vulnerable string which would result bad things when trying to unserialize. This conserns also the classes implementing Serializable as well as some core classes disabling serialize/unserialize callbacks explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the flow is first to call the unserialize callback (if available), then call __wakeup. If the unserialize callback returns with no success, no object is instantiated. This makes the scheme used by internal classes effective, to disable unserialize just assign zend_class_unserialize_deny as callback.
show more ...
|
#
5224614f |
| 16-Apr-2014 |
Anatol Belski |
Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset
|
#
1d34d822 |
| 15-Apr-2014 |
Stanislav Malyshev |
5.4.29 is next
|
#
a1863128 |
| 25-Mar-2014 |
Chuan Ma |
Fix #66942: openssl_seal() memory leak Fix #66952: memory leak in openssl_open()
|
#
ad1b9eef |
| 14-Apr-2014 |
Stanislav Malyshev |
Fix null byte in LDAP bindings
|
#
40a9316d |
| 14-Apr-2014 |
Stanislav Malyshev |
Fix bug #66171: better handling of symlinks
|
#
b80243ae |
| 14-Apr-2014 |
Stanislav Malyshev |
fix NEWS
|
#
b05c088a |
| 23-Nov-2013 |
Ingo Walz |
Fixed bug #64604
|
#
5558d0db |
| 28-Jan-2014 |
Freek |
Fix #66562: Consistency bug where curl_multi_getcontent behaves different from curl_exec curl_exec returns an empty string when data is received from a domain that returns zero content. curl
Fix #66562: Consistency bug where curl_multi_getcontent behaves different from curl_exec curl_exec returns an empty string when data is received from a domain that returns zero content. curl_multi_getcontent returned null. Now it returns an empty string fixing the incosistency
show more ...
|
#
636adf25 |
| 16-Jan-2014 |
itxx00 |
Fix bug #66482, replace wrong item name 'priority' with 'process.priority' in php-fpm.conf
|