|
|
|
@ -34,17 +34,51 @@ PHP NEWS |
|
|
|
|
|
|
|
23 Jun 2016, PHP 5.6.23 |
|
|
|
|
|
|
|
- Core: |
|
|
|
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ |
|
|
|
json_utf8_to_utf16()). (Stas) |
|
|
|
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas) |
|
|
|
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) |
|
|
|
|
|
|
|
- GD: |
|
|
|
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas) |
|
|
|
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre) |
|
|
|
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in |
|
|
|
heap overflow). (Pierre) |
|
|
|
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) |
|
|
|
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting |
|
|
|
in heap overflow). (Pierre) |
|
|
|
|
|
|
|
- Intl: |
|
|
|
. Fixed bug #70484 (selectordinal doesn't work with named parameters). |
|
|
|
(Anatol) |
|
|
|
|
|
|
|
- mbstring: |
|
|
|
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas) |
|
|
|
|
|
|
|
- mcrypt: |
|
|
|
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas) |
|
|
|
|
|
|
|
- Phar: |
|
|
|
. Fixed bug #72321 (invalid free in phar_extract_file()). |
|
|
|
(hji at dyntopia dot com) |
|
|
|
|
|
|
|
- SPL: |
|
|
|
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas) |
|
|
|
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and |
|
|
|
unserialize). (Dmitry) |
|
|
|
|
|
|
|
- OpenSSL: |
|
|
|
. Fixed bug #72140 (segfault after calling ERR_free_strings()). |
|
|
|
(Jakub Zelenka) |
|
|
|
|
|
|
|
- WDDX: |
|
|
|
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas) |
|
|
|
|
|
|
|
- zip: |
|
|
|
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC |
|
|
|
algorithm and unserialize). (Dmitry) |
|
|
|
|
|
|
|
26 May 2016, PHP 5.6.22 |
|
|
|
|
|
|
|
- Core: |
|
|
|
|
Ferenc Kovacs
10 years ago