|
|
|
@ -5,7 +5,36 @@ PHP NEWS |
|
|
|
** PHP 5.5 is in security-only mode , please do not commit to this branch ** |
|
|
|
|
|
|
|
- Core: |
|
|
|
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive |
|
|
|
method calls). (Stas) |
|
|
|
. Fixed bug #69892 (Different arrays compare indentical due to integer key |
|
|
|
truncation). (Nikita) |
|
|
|
. Fixed bug #70002 (TS issues with temporary dir handling). (Anatol) |
|
|
|
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution |
|
|
|
/ NULL pointer deref). (Stas) |
|
|
|
|
|
|
|
- OpenSSL: |
|
|
|
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically |
|
|
|
secure). (Stas) |
|
|
|
|
|
|
|
- Phar: |
|
|
|
. Improved fix for bug #69441. (Anatol Belski) |
|
|
|
. Fixed bug #70019 (Files extracted from archive may be placed outside of |
|
|
|
destination directory). (Anatol Belski) |
|
|
|
|
|
|
|
- SOAP: |
|
|
|
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via |
|
|
|
multiple type confusions). (Stas) |
|
|
|
|
|
|
|
- SPL: |
|
|
|
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject |
|
|
|
items). (sean.heelan) |
|
|
|
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with |
|
|
|
SPLArrayObject). (taoguangchen at icloud dot com) |
|
|
|
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with |
|
|
|
SplObjectStorage). (taoguangchen at icloud dot com) |
|
|
|
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with |
|
|
|
SplDoublyLinkedList). (taoguangchen at icloud dot com) |
|
|
|
|
|
|
|
9 Jul 2015, PHP 5.5.27 |
|
|
|
|
|
|
|
|
Stanislav Malyshev
10 years ago