Stanislav Malyshev
f06a069c46
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
2015-09-01 00:14:15 -07:00
Stanislav Malyshev
e8429400d4
Fix bug #70172 - Use After Free Vulnerability in unserialize()
2015-08-31 23:26:14 -07:00
Stanislav Malyshev
e201f01ac1
Fix bug #70388 - SOAP serialize_function_call() type confusion
2015-08-31 21:06:03 -07:00
Stanislav Malyshev
f9c2bf73ad
Fixed bug #70350 : ZipArchive::extractTo allows for directory traversal when creating directories
2015-08-30 00:38:08 -07:00
Stanislav Malyshev
ce2c67c8e8
Improve fix for #70385
2015-08-29 23:01:36 -07:00
Stanislav Malyshev
03964892c0
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
2015-08-28 22:52:50 -07:00
Stanislav Malyshev
64043cb9e5
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
2015-08-28 22:25:41 -07:00
Stanislav Malyshev
df4bf28f9f
Fix bug #70219 (Use after free vulnerability in session deserializer)
2015-08-23 19:56:12 -07:00
Stanislav Malyshev
1744be2d17
Fix for bug #69782
2015-08-16 17:16:15 -07:00
Stanislav Malyshev
b221df5549
5.4.45 next
2015-08-04 23:56:15 -07:00
Stanislav Malyshev
da5321013c
fix test
2015-08-04 16:45:20 -07:00
Stanislav Malyshev
f1acac154a
__wakeup doesn't have to be final
2015-08-04 16:13:26 -07:00
Stanislav Malyshev
0a21b5d970
fix test
2015-08-04 14:46:19 -07:00
Stanislav Malyshev
ee61c7175f
update NEWS
2015-08-04 14:37:28 -07:00
Stanislav Malyshev
51f9a00b47
Merge branch 'PHP-5.4' into PHP-5.4.44
* PHP-5.4:
  Fixed bug #69892
  Adjust Git-Rules
2015-08-04 14:04:24 -07:00
Stanislav Malyshev
dda81f0505
Fix bug #70019 - limit extracted files to given directory
2015-08-04 14:02:31 -07:00
Stanislav Malyshev
0e09009753
Do not do convert_to_* on unserialize, it messes up references
2015-08-04 13:59:56 -07:00
Stanislav Malyshev
4d2278143a
Fix #69793 - limit what we accept when unserializing exception
2015-08-01 22:02:26 -07:00
Stanislav Malyshev
863bf294fe
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
2015-08-01 22:01:51 -07:00
Stanislav Malyshev
7381b6accc
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
2015-08-01 22:01:40 -07:00
Stanislav Malyshev
c7d3c027d5
ignore signatures for packages too
2015-08-01 22:01:32 -07:00
Stanislav Malyshev
c2e197e4ef
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
2015-08-01 22:01:17 -07:00
Nikita Popov
7fc04937f5
Fixed bug #69892
2015-08-01 20:47:43 -07:00
Julien Pauli
8f1baa6e1c
Adjust Git-Rules
2015-07-29 10:02:39 +02:00
Stanislav Malyshev
16023f3e3b
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
2015-07-26 17:43:16 -07:00
Stanislav Malyshev
7a4584d3f6
Improved fix for Bug #69441
2015-07-26 17:31:12 -07:00
Stanislav Malyshev
b7fa67742c
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
2015-07-26 17:25:25 -07:00
Stanislav Malyshev
e488690d95
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
2015-07-26 17:10:24 -07:00
Stanislav Malyshev
c96d08b272
Fix bug #70081 : check types for SOAP variables
2015-07-26 16:44:18 -07:00
Stanislav Malyshev
496f291f3d
5.4.44 next
2015-07-07 15:07:28 -07:00
Stanislav Malyshev
885edfef0a
Better fix for bug #69958
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
c8157619ef
update news
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
97aa752fee
Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
6dedeb40db
Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath
2015-07-07 09:38:31 -07:00
Stanislav Malyshev
bf58162ddf
Fix bug #69958 - Segfault in Phar::convertToData on invalid file
2015-07-07 09:38:30 -07:00
Ferenc Kovacs
29533ae528
add missing second argument for ucfirst to the proto
2015-07-07 15:48:55 +02:00
Stanislav Malyshev
cd9c39d77c
Merge branch 'pull-request/1350' into PHP-5.4
* pull-request/1350:
  Move strlen() check to php_mail_detect_multiple_crlf()
  Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-28 20:18:56 -07:00
Christoph M. Becker
921544cad9
updated NEWS
2015-06-24 00:20:32 +02:00
Christoph M. Becker
a621781fdb
Fixed bug #69768 (escapeshell*() doesn't cater to !)
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and so ! should
be escaped like %.
2015-06-24 00:15:55 +02:00
George Wang
fdb580a5ad
bump API version to 6.8
2015-06-22 23:38:38 -04:00
Yasuo Ohgaki
d263ecd864
Move strlen() check to php_mail_detect_multiple_crlf()
2015-06-19 15:17:56 +09:00
Yasuo Ohgaki
dacea3f6fb
Fixed Bug #69874 : Can't set empty additional_headers for mail()
2015-06-19 12:19:12 +09:00
Lior Kaplan
cc7194dd10
Fixed bug #69689 (Align PCRE_MINOR with current version)
2015-06-18 17:30:21 +03:00
Lior Kaplan
5f67caad54
Add CVE to bugs #69545 , #69646 and #69667
2015-06-18 15:45:10 +03:00
Stanislav Malyshev
7f4e1a0eef
5.4.43 next
2015-06-11 20:46:47 -07:00
Stanislav Malyshev
f1ffb4b1ad
add NEWS
2015-06-09 21:35:18 -07:00
Yasuo Ohgaki
9d168b863e
Fixed bug #68776
2015-06-09 21:32:54 -07:00
Stanislav Malyshev
eee8b6c33f
fix test
2015-06-09 17:11:33 -07:00
Stanislav Malyshev
539738c438
update NEWS
2015-06-09 16:23:05 -07:00
Stanislav Malyshev
8036758491
Fix bug #69646 OS command injection vulnerability in escapeshellarg
2015-06-09 10:52:38 -07:00