author Stanislav Malyshev <stas@php.net> 2015-04-14 00:22:09 -0700
committer Stanislav Malyshev <stas@php.net> 2015-04-14 00:22:09 -0700
commit d734e75599593fe552eebf9bf579d73addc75a1e (patch)
tree 03f7e68aae7517f0ee544aa1d8e2ee044f7154af
parent aa2eca2e4847439c0eb28dc8c2c3534083807e26 (diff)
update NEWS
-rw-r--r-- NEWS 37
1 files changed, 30 insertions, 7 deletions
diff --git a/NEWS b/NEWS
index 40b1a654d0..06fd7d9730 100644
--- a/NEWS
+++ b/NEWS
@@ -1,13 +1,42 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2015 PHP 5.4.40
+16 Apr 2015 PHP 5.4.40
+
+- Apache2handler:
+ . Fixed bug #69218 (potential remote code execution with apache 2.4
+ apache2handler). (Gerrit Venema)
+
+- Core:
+ . Additional fix for bug #69152 (Type confusion vulnerability in
+ exception::getTraceAsString). (Stas)
+ . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
+ vulnerability). (Stas)
+ . Fixed bug #69353 (Missing null byte checks for paths in various PHP
+ extensions). (Stas)
+
+- cURL:
+ . Fixed bug #69316 (Use-after-free in php_curl related to
+ CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Ereg:
. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
+- Fileinfo:
+ . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
+ segfault). (Anatol Belski)
+
- GD:
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)
+- Phar:
+ . Fixed bug #68901 (use after free). (bugreports at internot dot info)
+ . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
+ . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
+ phar_set_inode). (Stas)
+
+- Postgres:
+ . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
+
- SOAP:
. Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
with SoapFault). (Dmitry)
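Review bot: Bug #69152 now appears twice in the 5.4.40 section with two different titles: the new Core entry reads "Type confusion vulnerability in exception::getTraceAsString" while the existing SOAP entry reads "Type Confusion Infoleak Vulnerability in unserialize() with SoapFault". If the Core line is a follow-up to the SOAP fix, the entry should say which part of the original report it covers, and otherwise the bug number on the Core line should be rechecked. Separately, of the security entries added here only the Postgres line carries a CVE id; the #69218 remote code execution entry and the other memory-safety fixes would be easier to match against advisories if their CVE ids were added once assigned.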
@@ -15,12 +44,6 @@ PHP NEWS
- Sqlite3:
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
-- Phar:
- . Fixed bug #68901 (use after free). (bugreports at internot dot info)
-
-- Postgres:
- . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
-
19 Mar 2015 PHP 5.4.39
- Core:
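Review bot: The Postgres entry removed here reads "Null pointer deference", and the copy re-added in the first hunk keeps the same spelling, while the Ereg entry in the same section uses "NULL Pointer Dereference". Since the line is being moved anyway, correct it to "dereference" in the new location so that searches of NEWS for the bug class find both entries. The commit message "update NEWS" also does not mention that the Phar and Postgres entries are being reordered rather than newly added, which would help anyone reading the log later.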