diff options
| author | Stanislav Malyshev <stas@php.net> | 2014-07-18 16:49:00 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2014-07-18 16:49:00 -0700 |
| commit | 1ffb7fddc233f1f64290c54fde478a5c2be5db99 (patch) | |
| tree | 49cc1a4d9a0af3f8ece0694b2229b910b801e77a | |
| parent | c74efe1b2efd7222b27d36f383623cd19ed0e102 (diff) | |
| download | php-git-1ffb7fddc233f1f64290c54fde478a5c2be5db99.tar.gz | |
update NEWS
| -rw-r--r-- | NEWS | 50 |
1 files changed, 50 insertions, 0 deletions
@@ -2,6 +2,56 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 201?, PHP 5.3.29 +- Core: + . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) + . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) + . Fixed bug #67249 (printf out-of-bounds read). (Stas) + . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) + . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) + . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) + . Fixed bug #67390 (insecure temporary file use in the configure script). + (Remi) (CVE-2014-3981) + . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) + . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type + Confusion) (CVE-2014-3515). (Stefan Esser) + . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). + (Stefan Esser) + +- Date: + . Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712) + (Remi) + . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) + . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) + +- Exif: + . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas) + +- Fileinfo: + . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) + . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary + check). (CVE-2014-0207) + . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). + (CVE-2014-0238) + . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in + performance degradation). (CVE-2014-0237) + . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal + string size). (Francisco Alonso, Jan Kaluza, Remi) + . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary + check). (Francisco Alonso, Jan Kaluza, Remi) + . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). + (Francisco Alonso, Jan Kaluza, Remi) + . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary + check). (Francisco Alonso, Jan Kaluza, Remi) + +- Intl: + . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) + . Fixed bug #67397 (Buffer overflow in locale_get_display_name and + uloc_getDisplayName (libicu 4.8.1)). (Stas) + +- Network: + . Fixed bug #67432 (Fix potential segfault in dns_check_record()). + (CVE-2014-4049). (Sara) + 12 Dec 2013, PHP 5.3.28 - Openssl: |