diff options
author | Lior Kaplan <kaplanlior@gmail.com> | 2016-04-29 13:19:46 +0300 |
---|---|---|
committer | Lior Kaplan <kaplanlior@gmail.com> | 2016-04-29 13:19:46 +0300 |
commit | 26f8ee48d6476b884bc63186051929cb1af28c78 (patch) | |
tree | 180d189faa300671f5ca49a35d4a3e33008fea55 | |
parent | 91fd5406bc875ae238e12215046473bd4f8c4ec7 (diff) | |
download | php-git-26f8ee48d6476b884bc63186051929cb1af28c78.tar.gz |
Add CVE IDs PHP 5.6.13
-rw-r--r-- | NEWS | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -365,9 +365,10 @@ PHP NEWS . Fixed bug #69487 (SAPI may truncate POST data). (cmb) . Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) - . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) + . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). + (CVE-2015-6834) (Stas) . Fixed bug #70219 (Use after free vulnerability in session deserializer). - (taoguangchen at icloud dot com) + (CVE-2015-6835) (taoguangchen at icloud dot com) - CLI server: . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). @@ -407,16 +408,16 @@ PHP NEWS - SOAP: . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). - (Stas) + (CVE-2015-6836) (Stas) - SPL: . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz) . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb) . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with - SplObjectStorage). (taoguangchen at icloud dot com) + SplObjectStorage). (CVE-2015-6834) (taoguangchen at icloud dot com) . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with - SplDoublyLinkedList). (taoguangchen at icloud dot com) + SplDoublyLinkedList). (CVE-2015-6834) (taoguangchen at icloud dot com) - Standard: . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). @@ -425,11 +426,12 @@ PHP NEWS INI_SCANNER_TYPED). (Tjerk) - XSLT: - . Fixed bug #69782 (NULL pointer dereference). (Stas) + . Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838) + (Stas) - ZIP: . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when - creating directories). (neal at fb dot com) + creating directories). (CVE-2014-9767) (neal at fb dot com) 06 Aug 2015, PHP 5.6.12 |