History log of /PHP-7.1/ (Results 1 – 25 of 79631)
Revision Date Author Comments
1d9205b6 06-Dec-2019 Joe Watkins

fix configure

eeb69ac7 05-Dec-2019 Joe Watkins

fix version for sake of history ... goodbye 7.1

Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5
46982004 27-Oct-2019 Stanislav Malyshev

Fix libmagic buffer overflow issue (CVE-2019-18218)

Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84

52f04987 22-Oct-2019 Joe Watkins

bump version

Revision tags: php-7.1.33
326cd05d 22-Oct-2019 Joe Watkins

set versions for release

Revision tags: php-7.2.24, php-7.3.11, php-7.4.0RC4
ab061f95 12-Oct-2019 Jakub Zelenka

Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)

Revision tags: php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1
fadd7f0f 28-Aug-2019 Joe Watkins

bump versions after release

Revision tags: php-7.1.32
481520d3 28-Aug-2019 Joe Watkins

set versions for release

Revision tags: php-7.2.22, php-7.3.9, php-7.4.0beta4
7bf1f9d5 16-Aug-2019 Christoph M. Becker

Fix #75457: heap-use-after-free in php7.0.25

Backport <https://vcs.pcre.org/pcre?view=revision&revision=1638>.

1258303e 25-Aug-2019 Stanislav Malyshev

Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()

Backport from https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55

Revision tags: php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31
1c01a157 31-Jul-2019 Joe Watkins

set version for release

Revision tags: php-7.2.21, php-7.3.8
cd1101e8 29-Jul-2019 Christoph M. Becker

Fix #77919: Potential UAF in Phar RSHUTDOWN

We have to properly clean up in case phar_flush() is failing.

We also make the expectation of the respective test case less liberal
to avoid missing such bugs in the future.

42e8b85d 29-Jul-2019 Stanislav Malyshev

Update NEWS

Revision tags: php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3
aeb6d131 08-Jul-2019 Stanislav Malyshev

Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)

dea2989a 08-Jul-2019 Stanislav Malyshev

Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)

Revision tags: php-7.3.7, php-7.2.20, php-7.4.0alpha2
e944ae6b 21-Jun-2019 Christoph M. Becker

Upgrade to SQLite 3.28.0

Over the years, multiple security vulnerabilities[1] have been found
and fixed in SQLite3, so it makes sense to update our bundled libsqlite
to the latest available version.

[1] <https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html>

Revision tags: php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6
5533f249 28-May-2019 Joe Watkins

bump version after release

Revision tags: php-7.1.30
c34895e8 28-May-2019 Stanislav Malyshev

Fix bug #77967 - Bypassing open_basedir restrictions via file uris

73ff4193 28-May-2019 Stanislav Malyshev

Fix bug #77988 - heap-buffer-overflow on php_jpg_get16

16e037bd 27-May-2019 Stanislav Malyshev

Update NEWS

7cf7148a 27-May-2019 Stanislav Malyshev

Fix bug #78069 - Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow

Revision tags: php-7.2.19RC1, php-7.3.6RC1
ed6dee9a 06-May-2019 Christoph M. Becker

Fix #77973: Uninitialized read in gdImageCreateFromXbm

We have to ensure that `sscanf()` does indeed read a hex value here,
and bail out otherwise.

Revision tags: php-7.1.29, php-7.2.18, php-7.3.5
f80ad18a 30-Apr-2019 Stanislav Malyshev

Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG

I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base is not a normal situation, so we better not
rely on such dir_entry.

Revision tags: php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28
6c631ccf 29-Mar-2019 Christoph M. Becker

Fix #77821: Potential heap corruption in TSendMail()

`zend_string_tolower()` returns a copy (not a duplicate) of the given
string, if it is already in lower case. In this case we must not
`zend_string_free()` both strings. The cleanest solution is to call
`zend_string_release()` on both strings, which properly handles the
refcount.

588db7ce 07-Apr-2019 Stanislav Malyshev

Always use ZEND_SECURE_ZERO() when cleaning up data

Optimizing compilers have an annoying tendency to throw out
memsets over data that they think aren't used anymore. Apply secure
zero-out in cases where this has potential to happen.
