731eeb8d | 02-Apr-2019 |
Joe Watkins |
bump versions after release |
dc1cd3da | 02-Apr-2019 |
Remi Collet |
fix paste issue |
01a4de5c | 02-Apr-2019 |
Christoph M. Becker |
Pointer arithmetic on void pointers is illegal We quick-fix this by casting to char*; it might be more appropriate to use char pointers in the first place. |
887a7b57 | 02-Apr-2019 |
Stanislav Malyshev |
Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF |
c684d32f | 01-Apr-2019 |
Stanislav Malyshev |
Update NEWS |
Revision tags: php-7.3.4RC1, php-7.2.17RC1 |
|
f3aefc6d | 18-Mar-2019 |
Stanislav Malyshev |
Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s |
Revision tags: php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1 |
|
0ecac37c | 11-Feb-2019 |
Nikita Popov |
Validate subject encoding in mb_split and mb_ereg_match We were already validating the subject encoding in most functions, but not these two. |
40fe50da | 11-Feb-2019 |
Nikita Popov |
Validate pattern against mbregex encoding Oniguruma does not consistently perform this validation itself (at least on older versions), so make sure we check pattern encoding validity on the PHP side.
|
Revision tags: php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1 |
|
58c25bf6 | 16-Dec-2018 |
bohwaz |
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws |
66bd861f | 28-Feb-2019 |
Anatol Belski |
Sync with behavior change in OpenSSL 1.1.1b A behavior change is revealed by some openssl_decrypt() based test, where an encrypt API is used with a decrypt context. The EVP_Cipher* functions will automatically choose the right operation depending on the context passed. (cherry picked from commit 19a44ffb7be91344550fa700830b8e62a73031ba)
|
b6308f5b | 05-Mar-2019 |
Joe Watkins |
fix news |
58c5df3d | 05-Mar-2019 |
Joe Watkins |
bump versions after release |
e3133e4d | 03-Mar-2019 |
Stanislav Malyshev |
Fix bug #77630 - safer rename() procedure In order to rename safer, we do the following: - set umask to 077 (unfortunately, not TS, so excluding ZTS) - chown() first, to set proper group before allowing group access - chmod() after, even if chown() fails
|
e0f5d62b | 04-Mar-2019 |
Stanislav Malyshev |
Fix bug #77586 - phar_tar_writeheaders_int() buffer overflow |
759e841b | 04-Mar-2019 |
Stanislav Malyshev |
Update NEWS |
44f87fbf | 04-Mar-2019 |
Stanislav Malyshev |
Fix test error message |
8ac6fee8 | 02-Mar-2019 |
Stanislav Malyshev |
Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE Also fix for bug #77659 |
5f0e62a3 | 02-Mar-2019 |
Stanislav Malyshev |
Fix bug #77540 - Invalid Read on exif_process_SOFn |
5e824a88 | 02-Mar-2019 |
Stanislav Malyshev |
Fix integer overflows on 32-bits |
254a5914 | 09-Jan-2019 |
Christoph M. Becker |
Fix #77431 SplFileInfo::__construct() accepts NUL bytes `SplFileInfo::__construct()` has to expect a path instead of a string, analogous to `SplFileObject::__construct()`. |
7f0ab7c2 | 04-Mar-2019 |
Stanislav Malyshev |
Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename |
65d81833 | 06-Feb-2019 |
Derick Rethans |
Use pkg-config for ICU, as the old icu-config has been deprecated |
fabade15 | 08-Jan-2019 |
Sara Golemon |
Bump for 7.1.27 |
27625f06 | 07-Jan-2019 |
Stanislav Malyshev |
Still leaking for some reason, XFAIL for now, I'll look into it later. |
1afebfb3 | 07-Jan-2019 |
Stanislav Malyshev |
Merge branch 'PHP-5.6' into PHP-7.1 * PHP-5.6: Fix bug #77418 - Heap overflow in utf32be_mbc_to_code [ci skip] Add NEWS Fix more issues with encoding length Fix #77270: imagecolormatch Out Of Bounds Write on Heap Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) Fix bug #77370 - check that we do not read past buffer end when parsing multibytes Fix #77269: Potential unsigned underflow in gdImageScale Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) Regenerate certs for openssl tests
|