1d9205b6 | 06-Dec-2019 |
Joe Watkins |
fix configure |
eeb69ac7 | 05-Dec-2019 |
Joe Watkins |
fix version for sake of history ... goodbye 7.1 |
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5 |
|
46982004 | 27-Oct-2019 |
Stanislav Malyshev |
Fix libmagic buffer overflow issue (CVE-2019-18218) Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 |
52f04987 | 22-Oct-2019 |
Joe Watkins |
bump version |
Revision tags: php-7.1.33 |
|
326cd05d | 22-Oct-2019 |
Joe Watkins |
set versions for release |
Revision tags: php-7.2.24, php-7.3.11, php-7.4.0RC4 |
|
ab061f95 | 12-Oct-2019 |
Jakub Zelenka |
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) |
Revision tags: php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1 |
|
fadd7f0f | 28-Aug-2019 |
Joe Watkins |
bump versions after release |
Revision tags: php-7.1.32 |
|
481520d3 | 28-Aug-2019 |
Joe Watkins |
set versions for release |
Revision tags: php-7.2.22, php-7.3.9, php-7.4.0beta4 |
|
7bf1f9d5 | 16-Aug-2019 |
Christoph M. Becker |
Fix #75457: heap-use-after-free in php7.0.25 Backport <https://vcs.pcre.org/pcre?view=revision&revision=1638>. |
1258303e | 25-Aug-2019 |
Stanislav Malyshev |
Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe() Backport from https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 |
Revision tags: php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31 |
|
1c01a157 | 31-Jul-2019 |
Joe Watkins |
set version for release |
Revision tags: php-7.2.21, php-7.3.8 |
|
cd1101e8 | 29-Jul-2019 |
Christoph M. Becker |
Fix #77919: Potential UAF in Phar RSHUTDOWN We have to properly clean up in case phar_flush() is failing. We also make the expectation of the respective test case less liberal to avoid missing such bugs in the future.
|
42e8b85d | 29-Jul-2019 |
Stanislav Malyshev |
Update NEWS |
Revision tags: php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3 |
|
aeb6d131 | 08-Jul-2019 |
Stanislav Malyshev |
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment) |
dea2989a | 08-Jul-2019 |
Stanislav Malyshev |
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail) |
Revision tags: php-7.3.7, php-7.2.20, php-7.4.0alpha2 |
|
e944ae6b | 21-Jun-2019 |
Christoph M. Becker |
Upgrade to SQLite 3.28.0 Over the years, multiple security vulnerabilities[1] have been found and fixed in SQLite3, so it makes sense to update our bundled libsqlite to the latest available version. [1] <https://www.cvedetails.com/vulnerability-list/vendor_id-9237/Sqlite.html>
|
Revision tags: php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6 |
|
5533f249 | 28-May-2019 |
Joe Watkins |
bump version after release |
Revision tags: php-7.1.30 |
|
c34895e8 | 28-May-2019 |
Stanislav Malyshev |
Fix bug #77967 - Bypassing open_basedir restrictions via file uris |
73ff4193 | 28-May-2019 |
Stanislav Malyshev |
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16 |
16e037bd | 27-May-2019 |
Stanislav Malyshev |
Update NEWS |
7cf7148a | 27-May-2019 |
Stanislav Malyshev |
Fix bug #78069 - Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow |
Revision tags: php-7.2.19RC1, php-7.3.6RC1 |
|
ed6dee9a | 06-May-2019 |
Christoph M. Becker |
Fix #77973: Uninitialized read in gdImageCreateFromXbm We have to ensure that `sscanf()` does indeed read a hex value here, and bail out otherwise. |
Revision tags: php-7.1.29, php-7.2.18, php-7.3.5 |
|
f80ad18a | 30-Apr-2019 |
Stanislav Malyshev |
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG I do not completely understand what is going on there, but I am pretty sure dir_entry <= offset_base is not a normal situation, so we better not rely on such dir_entry.
|
Revision tags: php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28 |
|
6c631ccf | 29-Mar-2019 |
Christoph M. Becker |
Fix #77821: Potential heap corruption in TSendMail() `zend_string_tolower()` returns a copy (not a duplicate) of the given string, if it is already in lower case. In this case we must not `zend_string_free()` both strings. The cleanest solution is to call `zend_string_release()` on both strings, which properly handles the refcount.
|
588db7ce | 07-Apr-2019 |
Stanislav Malyshev |
Always use ZEND_SECURE_ZERO() when cleaning up data Optimizing compilers have an annoying tendency to throw out memsets over data that they think aren't used anymore. Apply secure zero-out in cases where this has potential to happen.
|