Commit Graph

6611 Commits

Author SHA1 Message Date
Remi Collet
c6a26cb39d add CVE 2015-02-18 06:44:41 +01:00
Stanislav Malyshev
24f8a68d0a 5.4.39 next 2015-02-17 07:34:00 +01:00
Stanislav Malyshev
bdfe457a2c Port for for bug #68552 2015-02-17 06:53:02 +01:00
Felipe Pena
82d347a477 - BFN 2015-02-17 01:14:05 -02:00
Yasuo Ohgaki
5b6269a253 Update NEWS 2015-02-14 05:34:57 +09:00
Stanislav Malyshev
f001c63073 Update header handling to RFC 7230 2015-02-05 20:08:12 -08:00
Stanislav Malyshev
0f9c708229 Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:08:13 -08:00
Stanislav Malyshev
b3b155ffe2 format 2015-01-20 11:57:17 -08:00
Stanislav Malyshev
547f62ed2a add CVE 2015-01-20 11:54:45 -08:00
Stanislav Malyshev
8825311ce1 5.4.38 next 2015-01-20 10:38:33 -08:00
Stanislav Malyshev
e63f7b47e1 Merge branch 'bug68710' into PHP-5.4
* bug68710:
  Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
2015-01-20 01:02:26 -08:00
Stanislav Malyshev
fc6aa939f5 Merge branch 'bug68799' into PHP-5.4
* bug68799:
  Fix bug #68799: Free called on uninitialized pointer
2015-01-20 01:00:11 -08:00
Daniel Lowrey
0a76610459 Update NEWS 2015-01-14 18:03:27 +01:00
Anatol Belski
ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Stanislav Malyshev
b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev
f9ad308669 Fix bug #68618 (out of bounds read crashes php-cgi) 2014-12-30 01:23:05 -08:00
Ferenc Kovacs
cd387b4575 add missing NEWS entry 2014-12-17 02:10:36 +01:00
Stanislav Malyshev
8fe4cc6d28 5.4.37 2014-12-16 11:44:41 -08:00
Stanislav Malyshev
53f129a44d add CVE 2014-12-16 10:16:31 -08:00
Stanislav Malyshev
630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Stanislav Malyshev
97df260b27 update NEWS 2014-12-11 10:41:17 -08:00
Stanislav Malyshev
84be568366 update news 2014-11-30 21:37:39 -08:00
Stanislav Malyshev
7dbc5e5c69 update for LiteSpeed 2014-11-23 18:05:26 -08:00
Stanislav Malyshev
98b22864ff 5.4.36-dev 2014-11-11 16:31:38 -08:00
Matteo Beccati
2323e95df9 Fixed bug #66584 Segmentation fault on statement deallocation 2014-11-11 16:25:31 -08:00
Ferenc Kovacs
db5ad4c51f update NEWS 2014-11-12 00:18:13 +01:00
Stanislav Malyshev
0ddcf2a919 update NEWS 2014-11-03 11:43:15 -08:00
Stanislav Malyshev
4d54c4bdf0 fix NEWS & version 2014-10-22 13:16:29 -07:00
Remi Collet
de4fff0fb3 NEWS 2014-10-22 15:39:49 +02:00
Stanislav Malyshev
287c91c1f0 Fix bug #68113 (Heap corruption in exif_thumbnail()) 2014-10-13 23:17:45 -07:00
Stanislav Malyshev
ab0939e5e5 Fix bug #68089 - do not accept options with embedded \0
Conflicts:
	ext/curl/interface.c
2014-10-13 23:16:06 -07:00
Stanislav Malyshev
56754a7f9e Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-13 23:14:25 -07:00
Stanislav Malyshev
88412772d2 Fix bug #68027 - fix date parsing in XMLRPC lib 2014-10-13 23:12:11 -07:00
Ard Biesheuvel
82b07b62c0 update NEWS
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-10-10 11:40:07 +02:00
Stanislav Malyshev
28ed0119ac update NEWS 2014-09-26 00:55:49 -07:00
Remi Collet
2775dc2b44 Fix NEWS
- #65641 mod_proxy-fcgi is not fixed (still open)
- #67606 mod_fastcgi is fixed in ee275e34c8
2014-09-15 08:23:25 +02:00
Tjerk Meesters
99f0760bfb Fixed #67985 - Incorrect last used array index copied to new array after unset
In master zend_array_dup() is used to do this properly; this is a workaround.
2014-09-09 17:58:45 +08:00
Stanislav Malyshev
5e95b61639 5.4.34 is next 2014-09-02 15:03:04 -07:00
Stanislav Malyshev
fe551c089a Revert "Fix bug #67644 - Memory corruption & crash during ob_start function callback"
This reverts commit 53fa6c5b6b.
The change breaks tests, so not putting it into 5.4.
2014-09-02 14:15:39 -07:00
Stanislav Malyshev
53fa6c5b6b Fix bug #67644 - Memory corruption & crash during ob_start function callback 2014-09-02 12:31:03 -07:00
Stanislav Malyshev
30aceaf1a7 update NEWS 2014-09-01 12:13:43 -07:00
Stanislav Malyshev
b206b0e29d fix NEWS for fcgi fix merge 2014-08-28 23:10:32 -07:00
Michael Wallner
54fbbded37 fix bug #67865 2014-08-21 22:41:36 +02:00
Remi Collet
9185cfd539 NEWS 2014-08-20 15:16:53 +02:00
Lior Kaplan
276bead9c4 Add NEWS entry for bug #67730
Included in 5.4.32 with commit 706aefb
2014-08-20 00:54:19 +03:00
Lior Kaplan
359bc0ee2f Add CVE ID for bug #67539 2014-08-20 00:51:37 +03:00
Sara Golemon
cbe1597b74 Switch use of strtok() to gd_strtok_r()
strtok() is not thread safe, so this will potentially break in
very bad ways if used in ZTS mode.

I'm not sure why gd_strtok_r() exists since it seems to do the
same thing as strtok_r(), but I'll assume it's a portability
decision and do as the Romans do.
2014-08-19 13:16:44 -07:00
Remi Collet
88c48a4b95 NEWS 2014-08-19 08:40:18 +02:00
Keyur Govande
0407bdf252 Add NEWS 2014-08-15 23:08:29 +00:00
Remi Collet
35f32637b0 Fix bug #67716 - Segfault in cdf.c 2014-08-14 17:21:20 -07:00