unserialize: Strictly check for `:{` at object start (#10214)

* unserialize: Strictly check for `:{` at object start

* unserialize: Update CVE tests

  It's unlikely that the object syntax error contributed to the actual CVE. The CVE is rather caused by the incorrect object serialization data of the `C` format. Add a second string without such a syntax error to ensure that path is still executed as well to ensure the CVE is absent.

* Fix test expectation in gmp/tests/bug74670.phpt

  No changes to the input required, because the test actually is intended to verify the behavior for a missing `}`, it's just that the report position changed.

* NEWS

* UPGRADING