489fd56f | 14-Jun-2016 |
Stanislav Malyshev |
Fix bug #72275: don't allow smart_str to overflow int |
a44c89e8 | 13-Jun-2016 |
Stanislav Malyshev |
Fix bug #72340: Double Free Courruption in wddx_deserialize |
6f73079c | 13-Jun-2016 |
Anatol Belski |
update NEWS |
f96ebb09 | 20-Jul-2015 |
Christoph M. Becker |
Fix #66387: Stack overflow with imagefilltoborder The stack overflow is caused by the recursive algorithm in combination with a very large negative coordinate passed to gdImageFillToBord
Fix #66387: Stack overflow with imagefilltoborder The stack overflow is caused by the recursive algorithm in combination with a very large negative coordinate passed to gdImageFillToBorder(). As there is already a clipping for large positive coordinates to the width and height of the image, it seems to be consequent to clip to zero also.
show more ...
|
4dd03651 | 25-May-2016 |
Remi Collet |
Skip test which is 64bits only Diff from test output 001+ Warning: fread(): Length parameter must be greater than 0 in ... 001- Warning: fread(): Length parameter must be no more tha
Skip test which is 64bits only Diff from test output 001+ Warning: fread(): Length parameter must be greater than 0 in ... 001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
show more ...
|
0c847404 | 25-May-2016 |
Julien Pauli |
5.5.37 now |
9a826a3b | 24-May-2016 |
Stanislav Malyshev |
Fix memory leak in imagescale() |
f423e1bb | 24-May-2016 |
Stanislav Malyshev |
Update NEWS |
e9559131 | 24-May-2016 |
Stanislav Malyshev |
Better fix for bug #72135 |
7a1aac33 | 23-May-2016 |
Stanislav Malyshev |
Fixed bug #72227: imagescale out-of-bounds read Ported from https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a |
97eff7eb | 23-May-2016 |
Stanislav Malyshev |
Fix bug #72241: get_icu_value_internal out-of-bounds read |
0da8b8b8 | 16-May-2016 |
Stanislav Malyshev |
Fix bug #72135 - don't create strings with lengths outside int range |
41fc3c76 | 10-May-2016 |
Stanislav Malyshev |
Add check for string overflow to all string add operations |
abd159cc | 10-May-2016 |
Stanislav Malyshev |
Fix bug #72114 - int/size_t confusion in fread |
95ed19ae | 02-May-2016 |
Julien Pauli |
Updated NEWS |
a4abd2be | 02-May-2016 |
Julien Pauli |
Backport of fixed for bug #71331 - Uninitialized pointer in phar_make_dirstream()
|
5c571626 | 01-May-2016 |
Lior Kaplan |
Update PHP 5.5 NEWS entries with CVE info |
6058b788 | 29-Apr-2016 |
Julien Pauli |
Added CVE |
9649ca16 | 15-Jan-2016 |
Stanislav Malyshev |
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() |
008f983b | 27-Apr-2016 |
Julien Pauli |
Updated NEWS |
61c7a06e | 27-Apr-2016 |
Stanislav Malyshev |
Fix memory leak |
dccda88f | 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72099: xml_parse_into_struct segmentation fault |
f856734c | 26-Apr-2016 |
Julien Pauli |
5.5.36 now |
082aecfc | 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72094 - Out of bounds heap read access in exif header processing |
d650063a | 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition We can not modify result since it can be copy of _zero_ or _one_, etc. and "copy" in bcmath is just bumping
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition We can not modify result since it can be copy of _zero_ or _one_, etc. and "copy" in bcmath is just bumping the refcount.
show more ...
|