Stanislav Malyshev
|
12d3bdee3d
|
Additional fix for bug #69324
Not so happy about duplication but needed due to bug #69429
|
2015-04-11 16:53:22 -07:00 |
|
Stanislav Malyshev
|
a894a8155f
|
More fixes for bug #69152
|
2015-04-11 16:53:22 -07:00 |
|
Stanislav Malyshev
|
4435b9142f
|
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
|
2015-04-11 16:53:22 -07:00 |
|
Stanislav Malyshev
|
9faaee66fa
|
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
|
2015-04-11 16:53:21 -07:00 |
|
Stanislav Malyshev
|
0ea75af9be
|
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
|
2015-04-11 16:53:21 -07:00 |
|
Stanislav Malyshev
|
809610f5ea
|
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
|
2015-04-11 16:53:21 -07:00 |
|
Stanislav Malyshev
|
f938112c49
|
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
|
2015-04-11 16:53:21 -07:00 |
|
Xinchen Hui
|
920a0afbf8
|
Fixed bug #68901 (use after free)
|
2015-04-11 16:28:07 -07:00 |
|
Xinchen Hui
|
9a404df382
|
Fixed bug #68740 (NULL Pointer Dereference)
(cherry picked from commit 124fb22a13 )
|
2015-04-05 22:48:10 -07:00 |
|
Stanislav Malyshev
|
5ae20c6247
|
Fix bug #66550 (SQLite prepared statement use-after-free)
|
2015-04-05 22:36:26 -07:00 |
|
Remi Collet
|
bd31cb7563
|
Better fix for #68601 for perf
81e9a993f2
|
2015-04-05 17:36:47 -07:00 |
|
Remi Collet
|
afbf725e73
|
Fix bug #68601 buffer read overflow in gd_gif_in.c
|
2015-04-05 17:33:52 -07:00 |
|
Stanislav Malyshev
|
caecd88237
|
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
This reverts commit fe0ca2745f , reversing
changes made to 968fbc6acf .
|
2015-04-01 23:43:33 -07:00 |
|
Dmitry Stogov
|
75f40ae1f3
|
Fixed bug #69293
|
2015-03-27 18:40:58 +03:00 |
|
Xinchen Hui
|
fe0ca2745f
|
Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4
|
2015-03-25 13:05:08 +08:00 |
|
Stanislav Malyshev
|
968fbc6acf
|
Bacport fix bug #68741 - Null pointer dereference
|
2015-03-22 18:30:05 -07:00 |
|
Stanislav Malyshev
|
fb83c76dee
|
Check that the type is correct
|
2015-03-22 18:17:47 -07:00 |
|
Stanislav Malyshev
|
95b9c34f02
|
add CVEs
|
2015-03-19 22:54:48 -07:00 |
|
Dmitry Stogov
|
51856a76f8
|
Fixed bug #69152
|
2015-03-19 11:36:01 +03:00 |
|
Stanislav Malyshev
|
4c3b73b6df
|
5.4.40 next
|
2015-03-17 22:37:16 -07:00 |
|
Stanislav Malyshev
|
ef8fc4b53d
|
Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
|
2015-03-17 21:59:56 -07:00 |
|
Stanislav Malyshev
|
fb04dcf6db
|
Fix bug #69248 - heap overflow vulnerability in regcomp.c
Merged from 70bc296560
|
2015-03-17 17:04:57 -07:00 |
|
Stanislav Malyshev
|
8b14d3052f
|
add test for bug #68976
|
2015-03-17 17:03:46 -07:00 |
|
Stanislav Malyshev
|
646572d6d3
|
Fixed bug #68976 - Use After Free Vulnerability in unserialize()
|
2015-03-17 13:20:22 -07:00 |
|
Stanislav Malyshev
|
bfb669891e
|
Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options)
|
2015-03-17 13:05:43 -07:00 |
|
Stanislav Malyshev
|
9ba4db5e5d
|
fix tests
|
2015-03-17 12:55:35 -07:00 |
|
Stanislav Malyshev
|
1291d6bbee
|
Fix bug #69207 - move_uploaded_file allows nulls in path
|
2015-03-17 12:47:58 -07:00 |
|
Xinchen Hui
|
ef2db26c60
|
Merge branch 'arginfo' of https://github.com/realityking/php-src into PHP-5.4
|
2015-03-08 22:53:19 +08:00 |
|
Dmitry Stogov
|
c8eaca013a
|
Added type checks
|
2015-03-03 10:43:48 +03:00 |
|
Dmitry Stogov
|
0c136a2abd
|
Added type checks
|
2015-03-03 09:44:46 +03:00 |
|
Dmitry Stogov
|
d5248f67b5
|
Check variable type before its usage as IS_ARRAY.
|
2015-03-02 12:27:36 +03:00 |
|
George Wang
|
8584cc010a
|
Fixed a bug that header value is not terminated by '\0' when accessed through getenv().
|
2015-02-25 10:48:19 -05:00 |
|
Ferenc Kovacs
|
c17a17e44b
|
fix typo in bug#
|
2015-02-18 19:47:07 +01:00 |
|
Remi Collet
|
c6a26cb39d
|
add CVE
|
2015-02-18 06:44:41 +01:00 |
|
Stanislav Malyshev
|
24f8a68d0a
|
5.4.39 next
|
2015-02-17 07:34:00 +01:00 |
|
Stanislav Malyshev
|
bdfe457a2c
|
Port for for bug #68552
|
2015-02-17 06:53:02 +01:00 |
|
Stanislav Malyshev
|
7b18981830
|
Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
Conflicts:
ext/date/php_date.c
|
2015-02-17 06:43:51 +01:00 |
|
Felipe Pena
|
82d347a477
|
- BFN
|
2015-02-17 01:14:05 -02:00 |
|
Felipe Pena
|
8f9ab04d93
|
- Fixed bug #67827 (broken detection of system crypt sha256/sha512 support)
|
2015-02-17 00:23:47 -02:00 |
|
Felipe Pena
|
e08bef442c
|
- Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at docoloc dot de
|
2015-02-16 13:07:26 -02:00 |
|
Yasuo Ohgaki
|
5b6269a253
|
Update NEWS
|
2015-02-14 05:34:57 +09:00 |
|
Yasuo Ohgaki
|
a8722f5330
|
Add NULL byte protection to exec, system and passthru
|
2015-02-14 05:25:04 +09:00 |
|
George Wang
|
5e3f0f5671
|
Fixed #68790 (Missing return)
|
2015-02-07 12:16:54 -05:00 |
|
Stanislav Malyshev
|
f001c63073
|
Update header handling to RFC 7230
|
2015-02-05 20:08:12 -08:00 |
|
Stanislav Malyshev
|
7efbd70b03
|
fix sizeof size
|
2015-02-01 12:40:38 -08:00 |
|
Stanislav Malyshev
|
94d6cb4a78
|
fix TSRM
|
2015-01-31 23:34:14 -08:00 |
|
Stanislav Malyshev
|
b30a6d6018
|
Use better constant since MAXHOSTNAMELEN may mean shorter name
|
2015-01-31 21:46:56 -08:00 |
|
Stanislav Malyshev
|
2cdbd3537f
|
use right sizeof for memset
|
2015-01-31 21:30:58 -08:00 |
|
Stanislav Malyshev
|
0f9c708229
|
Add mitigation for CVE-2015-0235 (bug #68925)
|
2015-01-31 19:08:13 -08:00 |
|
Ferenc Kovacs
|
61ad5e24ea
|
fix some factual errors in the process
|
2015-01-22 21:27:38 +01:00 |
|