| 489fd56f | 14-Jun-2016 |
Stanislav Malyshev |
Fix bug #72275: don't allow smart_str to overflow int |
| a44c89e8 | 13-Jun-2016 |
Stanislav Malyshev |
Fix bug #72340: Double Free Courruption in wddx_deserialize |
| 6f73079c | 13-Jun-2016 |
Anatol Belski |
update NEWS |
| f96ebb09 | 20-Jul-2015 |
Christoph M. Becker |
Fix #66387: Stack overflow with imagefilltoborder
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBord
Fix #66387: Stack overflow with imagefilltoborder
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
show more ...
|
| 4dd03651 | 25-May-2016 |
Remi Collet |
Skip test which is 64bits only
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more tha
Skip test which is 64bits only
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
show more ...
|
| 0c847404 | 25-May-2016 |
Julien Pauli |
5.5.37 now |
| 9a826a3b | 24-May-2016 |
Stanislav Malyshev |
Fix memory leak in imagescale() |
| f423e1bb | 24-May-2016 |
Stanislav Malyshev |
Update NEWS |
| e9559131 | 24-May-2016 |
Stanislav Malyshev |
Better fix for bug #72135 |
| 7a1aac33 | 23-May-2016 |
Stanislav Malyshev |
Fixed bug #72227: imagescale out-of-bounds read
Ported from https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a |
| 97eff7eb | 23-May-2016 |
Stanislav Malyshev |
Fix bug #72241: get_icu_value_internal out-of-bounds read |
| 0da8b8b8 | 16-May-2016 |
Stanislav Malyshev |
Fix bug #72135 - don't create strings with lengths outside int range |
| 41fc3c76 | 10-May-2016 |
Stanislav Malyshev |
Add check for string overflow to all string add operations |
| abd159cc | 10-May-2016 |
Stanislav Malyshev |
Fix bug #72114 - int/size_t confusion in fread |
| 95ed19ae | 02-May-2016 |
Julien Pauli |
Updated NEWS |
| a4abd2be | 02-May-2016 |
Julien Pauli |
Backport of fixed for bug #71331 - Uninitialized pointer in phar_make_dirstream()
|
| 5c571626 | 01-May-2016 |
Lior Kaplan |
Update PHP 5.5 NEWS entries with CVE info |
| 6058b788 | 29-Apr-2016 |
Julien Pauli |
Added CVE |
| 9649ca16 | 15-Jan-2016 |
Stanislav Malyshev |
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() |
| 008f983b | 27-Apr-2016 |
Julien Pauli |
Updated NEWS |
| 61c7a06e | 27-Apr-2016 |
Stanislav Malyshev |
Fix memory leak |
| dccda88f | 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72099: xml_parse_into_struct segmentation fault |
| f856734c | 26-Apr-2016 |
Julien Pauli |
5.5.36 now |
| 082aecfc | 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72094 - Out of bounds heap read access in exif header processing |
| d650063a | 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
We can not modify result since it can be copy of _zero_ or _one_, etc. and
"copy" in bcmath is just bumping
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
We can not modify result since it can be copy of _zero_ or _one_, etc. and
"copy" in bcmath is just bumping the refcount.
show more ...
|
