Dmitry Stogov
|
51856a76f8
|
Fixed bug #69152
|
2015-03-19 11:36:01 +03:00 |
|
Stanislav Malyshev
|
4c3b73b6df
|
5.4.40 next
|
2015-03-17 22:37:16 -07:00 |
|
Stanislav Malyshev
|
ef8fc4b53d
|
Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
|
2015-03-17 21:59:56 -07:00 |
|
Stanislav Malyshev
|
fb04dcf6db
|
Fix bug #69248 - heap overflow vulnerability in regcomp.c
Merged from 70bc296560
|
2015-03-17 17:04:57 -07:00 |
|
Stanislav Malyshev
|
8b14d3052f
|
add test for bug #68976
|
2015-03-17 17:03:46 -07:00 |
|
Stanislav Malyshev
|
646572d6d3
|
Fixed bug #68976 - Use After Free Vulnerability in unserialize()
|
2015-03-17 13:20:22 -07:00 |
|
Stanislav Malyshev
|
bfb669891e
|
Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options)
|
2015-03-17 13:05:43 -07:00 |
|
Stanislav Malyshev
|
9ba4db5e5d
|
fix tests
|
2015-03-17 12:55:35 -07:00 |
|
Stanislav Malyshev
|
1291d6bbee
|
Fix bug #69207 - move_uploaded_file allows nulls in path
|
2015-03-17 12:47:58 -07:00 |
|
Xinchen Hui
|
ef2db26c60
|
Merge branch 'arginfo' of https://github.com/realityking/php-src into PHP-5.4
|
2015-03-08 22:53:19 +08:00 |
|
Dmitry Stogov
|
c8eaca013a
|
Added type checks
|
2015-03-03 10:43:48 +03:00 |
|
Dmitry Stogov
|
0c136a2abd
|
Added type checks
|
2015-03-03 09:44:46 +03:00 |
|
Dmitry Stogov
|
d5248f67b5
|
Check variable type before its usage as IS_ARRAY.
|
2015-03-02 12:27:36 +03:00 |
|
George Wang
|
8584cc010a
|
Fixed a bug that header value is not terminated by '\0' when accessed through getenv().
|
2015-02-25 10:48:19 -05:00 |
|
Ferenc Kovacs
|
c17a17e44b
|
fix typo in bug#
|
2015-02-18 19:47:07 +01:00 |
|
Remi Collet
|
c6a26cb39d
|
add CVE
|
2015-02-18 06:44:41 +01:00 |
|
Stanislav Malyshev
|
24f8a68d0a
|
5.4.39 next
|
2015-02-17 07:34:00 +01:00 |
|
Stanislav Malyshev
|
bdfe457a2c
|
Port for for bug #68552
|
2015-02-17 06:53:02 +01:00 |
|
Stanislav Malyshev
|
7b18981830
|
Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
Conflicts:
ext/date/php_date.c
|
2015-02-17 06:43:51 +01:00 |
|
Felipe Pena
|
82d347a477
|
- BFN
|
2015-02-17 01:14:05 -02:00 |
|
Felipe Pena
|
8f9ab04d93
|
- Fixed bug #67827 (broken detection of system crypt sha256/sha512 support)
|
2015-02-17 00:23:47 -02:00 |
|
Felipe Pena
|
e08bef442c
|
- Fixed bug #67427 (SoapServer cannot handle large messages) patch by: brandt at docoloc dot de
|
2015-02-16 13:07:26 -02:00 |
|
Yasuo Ohgaki
|
5b6269a253
|
Update NEWS
|
2015-02-14 05:34:57 +09:00 |
|
Yasuo Ohgaki
|
a8722f5330
|
Add NULL byte protection to exec, system and passthru
|
2015-02-14 05:25:04 +09:00 |
|
George Wang
|
5e3f0f5671
|
Fixed #68790 (Missing return)
|
2015-02-07 12:16:54 -05:00 |
|
Stanislav Malyshev
|
f001c63073
|
Update header handling to RFC 7230
|
2015-02-05 20:08:12 -08:00 |
|
Stanislav Malyshev
|
7efbd70b03
|
fix sizeof size
|
2015-02-01 12:40:38 -08:00 |
|
Stanislav Malyshev
|
94d6cb4a78
|
fix TSRM
|
2015-01-31 23:34:14 -08:00 |
|
Stanislav Malyshev
|
b30a6d6018
|
Use better constant since MAXHOSTNAMELEN may mean shorter name
|
2015-01-31 21:46:56 -08:00 |
|
Stanislav Malyshev
|
2cdbd3537f
|
use right sizeof for memset
|
2015-01-31 21:30:58 -08:00 |
|
Stanislav Malyshev
|
0f9c708229
|
Add mitigation for CVE-2015-0235 (bug #68925)
|
2015-01-31 19:08:13 -08:00 |
|
Ferenc Kovacs
|
61ad5e24ea
|
fix some factual errors in the process
|
2015-01-22 21:27:38 +01:00 |
|
Stanislav Malyshev
|
b3b155ffe2
|
format
|
2015-01-20 11:57:17 -08:00 |
|
Stanislav Malyshev
|
547f62ed2a
|
add CVE
|
2015-01-20 11:54:45 -08:00 |
|
Stanislav Malyshev
|
ef4896d956
|
add protection against nulls
|
2015-01-20 11:46:10 -08:00 |
|
Stanislav Malyshev
|
8825311ce1
|
5.4.38 next
|
2015-01-20 10:38:33 -08:00 |
|
Stanislav Malyshev
|
e63f7b47e1
|
Merge branch 'bug68710' into PHP-5.4
* bug68710:
Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
|
2015-01-20 01:02:26 -08:00 |
|
Stanislav Malyshev
|
fc6aa939f5
|
Merge branch 'bug68799' into PHP-5.4
* bug68799:
Fix bug #68799: Free called on unitialized pointer
|
2015-01-20 01:00:11 -08:00 |
|
Daniel Lowrey
|
0a76610459
|
Update NEWS
|
2015-01-14 18:03:27 +01:00 |
|
Daniel Lowrey
|
e2fe8e164f
|
Fixed bug #55618 (use case-insensitive cert name matching)
|
2015-01-14 18:02:50 +01:00 |
|
Stanislav Malyshev
|
2fc178cf44
|
Fix bug #68799: Free called on unitialized pointer
|
2015-01-11 00:51:05 -08:00 |
|
Anatol Belski
|
ebb98e7aeb
|
updated libmagic.patch in 5.4
|
2015-01-04 17:04:13 +01:00 |
|
Anatol Belski
|
ede59c8feb
|
Fixed bug #68735 fileinfo out-of-bounds memory access
|
2015-01-04 14:20:21 +01:00 |
|
Remi Collet
|
919abf0cb1
|
removed dead code
|
2015-01-04 09:40:19 +01:00 |
|
Stanislav Malyshev
|
b585a3aed7
|
Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
|
2015-01-01 16:19:05 -08:00 |
|
Stanislav Malyshev
|
f9ad308669
|
FIx bug #68618 (out of bounds read crashes php-cgi)
|
2014-12-30 01:23:05 -08:00 |
|
Ferenc Kovacs
|
cd387b4575
|
add missing NEWS entry
|
2014-12-17 02:10:36 +01:00 |
|
Stanislav Malyshev
|
8fe4cc6d28
|
5.4.37
|
2014-12-16 11:44:41 -08:00 |
|
Stanislav Malyshev
|
53f129a44d
|
add CVE
|
2014-12-16 10:16:31 -08:00 |
|
Stanislav Malyshev
|
b75867fff0
|
add missing test file
|
2014-12-16 10:15:17 -08:00 |
|