f7bf9650 | 14-Oct-2016 |
Ferenc Kovacs |
add missing NEWS entries for 5.6.27 |
cc08cbc8 | 13-Oct-2016 |
Christoph M. Becker |
Fix #73280: Stack Buffer Overflow in GD dynamicGetbuf We make sure to never pass a negative `rlen` as size to memcpy(). Cf. <https://github.com/libgd/libgd/commit/53110871>. |
43ccf23d | 12-Oct-2016 |
Sara Golemon |
Clear FG(user_stream_current_filename) when bailing out If a userwrapper opener E_ERRORs then FG(user_stream_current_filename) would remain set until the next request and would not be po
Clear FG(user_stream_current_filename) when bailing out If a userwrapper opener E_ERRORs then FG(user_stream_current_filename) would remain set until the next request and would not be pointing at unallocated memory. Catch the bailout, clear the variable, then continue bailing. Closes https://bugs.php.net/bug.php?id=73188
show more ...
|
689a9b8d | 11-Oct-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.6.27' into PHP-5.6 * PHP-5.6.27: Fix tests fix tsrm Fix bug #73284 - heap overflow in php_ereg_replace function Fix bug #73276 - crash in openssl_
Merge branch 'PHP-5.6.27' into PHP-5.6 * PHP-5.6.27: Fix tests fix tsrm Fix bug #73284 - heap overflow in php_ereg_replace function Fix bug #73276 - crash in openssl_random_pseudo_bytes function Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML() fix bug #73275 - crash in openssl_encrypt function Fix for #73240 - Write out of bounds at number_format Bug #73218: add mitigation for ICU int overflow Add more locale length checks, due to ICU bugs. Fix bug #73208 - another missing length check Fix bug #73190: memcpy negative parameter _bc_new_num_ex Fix bug #73189 - Memcpy negative size parameter php_resolve_path Fixed bug #73174 - heap overflow in php_pcre_replace_impl Fix bug #73150: missing NULL check in dom_document_save_html Fix bug #73147: Use After Free in PHP7 unserialize() Fix bug #73082 Fix bug #73073 - CachingIterator null dereference when convert to string
show more ...
|
082d1f23 | 11-Oct-2016 |
Stanislav Malyshev |
Fix tests |
c1112ff3 | 11-Oct-2016 |
Stanislav Malyshev |
fix tsrm |
21452a54 | 11-Oct-2016 |
Stanislav Malyshev |
Fix bug #73284 - heap overflow in php_ereg_replace function |
85a22a0a | 11-Oct-2016 |
Stanislav Malyshev |
Fix bug #73276 - crash in openssl_random_pseudo_bytes function |
96a8cf8e | 11-Oct-2016 |
Stanislav Malyshev |
Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML() |
8822f7c9 | 11-Oct-2016 |
Stanislav Malyshev |
fix bug #73275 - crash in openssl_encrypt function |
8259130b | 11-Oct-2016 |
Stanislav Malyshev |
Fix for #73240 - Write out of bounds at number_format |
4165d976 | 10-Oct-2016 |
Anatol Belski |
update NEWS |
256b150a | 10-Oct-2016 |
Anatol Belski |
add test for bug #73037 |
fc989fc6 | 10-Oct-2016 |
Christoph M. Becker |
Fix #73279: Integer overflow in gdImageScaleBilinearPalette() The color components are supposed to be in range 0..255, so we must not cast them to `signed char`, what can be the default
Fix #73279: Integer overflow in gdImageScaleBilinearPalette() The color components are supposed to be in range 0..255, so we must not cast them to `signed char`, what can be the default for `char`. Port of <https://github.com/libgd/libgd/commit/77c8d359>.
show more ...
|
b92216b9 | 09-Oct-2016 |
Christoph M. Becker |
Fix #73272: imagescale() affects imagesetinterpolation() We must not permanently change the interpolation method, but rather have to restore the old method after we're done with scaling
Fix #73272: imagescale() affects imagesetinterpolation() We must not permanently change the interpolation method, but rather have to restore the old method after we're done with scaling the image.
show more ...
|
3c5742eb | 08-Oct-2016 |
Anatol Belski |
fix leak |
b061fa90 | 07-Oct-2016 |
Nikita Popov |
Fix bug #73192 |
bc3a0b82 | 07-Oct-2016 |
Nikita Popov |
Revert "Fixed test" This reverts commit a10d03ac166daba646b6023e0f12e9ee8040c909. |
1c468ee0 | 07-Oct-2016 |
Nikita Popov |
Revert "Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986" This reverts commit 085dfca02b64588317a233eb191d07a75511fff2. |
07546496 | 05-Oct-2016 |
Anatol Belski |
Fix bug #73037, second round |
d946d102 | 05-Oct-2016 |
Stanislav Malyshev |
Bug #73218: add mitigation for ICU int overflow |
d3eb5833 | 05-Oct-2016 |
Stanislav Malyshev |
Add more locale length checks, due to ICU bugs. |
a10d03ac | 28-Oct-2015 |
Ilia Alshanetsky |
Fixed test |
085dfca0 | 27-Oct-2015 |
Ilia Alshanetsky |
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986 |
8ea01d5f | 04-Oct-2016 |
Stanislav Malyshev |
Apparently negative wordwrap is a thing and should work as length = 0. I'll leave it as is for now. |