diff options
author | Stanislav Malyshev <stas@php.net> | 2015-08-04 15:22:59 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-08-04 15:22:59 -0700 |
commit | d52c4857178cf30741905469c5a080bbdd973478 (patch) | |
tree | b0bd8f16adac884a2dd151a9e6402573abc05d5a | |
parent | 742c54aecfc4cbc3c0cfccbe4eee1d50946f44d8 (diff) | |
download | php-git-d52c4857178cf30741905469c5a080bbdd973478.tar.gz |
update NEWS
-rw-r--r-- | NEWS | 29 |
1 files changed, 29 insertions, 0 deletions
@@ -5,7 +5,36 @@ PHP NEWS ** PHP 5.5 is in security-only mode , please do not commit to this branch ** - Core: + . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive + method calls). (Stas) + . Fixed bug #69892 (Different arrays compare indentical due to integer key + truncation). (Nikita) . Fixed bug #70002 (TS issues with temporary dir handling). (Anatol) + . Fixed bug #70121 (unserialize() could lead to unexpected methods execution + / NULL pointer deref). (Stas) + +- OpenSSL: + . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically + secure). (Stas) + +- Phar: + . Improved fix for bug #69441. (Anatol Belski) + . Fixed bug #70019 (Files extracted from archive may be placed outside of + destination directory). (Anatol Belski) + +- SOAP: + . Fixed bug #70081 (SoapClient info leak / null pointer dereference via + multiple type confusions). (Stas) + +- SPL: + . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject + items). (sean.heelan) + . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with + SPLArrayObject). (taoguangchen at icloud dot com) + . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with + SplObjectStorage). (taoguangchen at icloud dot com) + . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with + SplDoublyLinkedList). (taoguangchen at icloud dot com) 9 Jul 2015, PHP 5.5.27 |