summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRemi Collet <remi@php.net>2019-07-30 09:26:50 +0200
committerRemi Collet <remi@php.net>2019-07-30 09:26:50 +0200
commitb29ecec4efdf9d53c05a66223062971caf1594e9 (patch)
tree45b5354c474d008507705b6ce52c6b2b6981d87a
parent284fb08fdc7465db6ed550b088bc0e7d38ddac4e (diff)
downloadphp-git-b29ecec4efdf9d53c05a66223062971caf1594e9.tar.gz
add security NEW entries + reorder [ci skip]
-rw-r--r--NEWS37
1 files changed, 23 insertions, 14 deletions
diff --git a/NEWS b/NEWS
index d8181a7028..4103d76188 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,15 @@ PHP NEWS
01 Aug 2019, PHP 7.2.21
+- Date:
+ . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)
+
+- EXIF:
+ . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
+ (CVE-2019-11042) (Stas)
+ . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
+ (CVE-2019-11041) (Stas)
+
- Fileinfo:
. Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
(Joshua Westerheide)
@@ -32,20 +41,6 @@ PHP NEWS
- FTP:
. Fixed bug #77124 (FTP with SSL memory leak). (Nikita)
-- PDO_Sqlite:
- . Fixed bug #78192 (SegFault when reuse statement after schema has changed).
- (Vincent Quatrevieux)
-
-- SQLite:
- . Upgraded to SQLite 3.28.0. (cmb)
-
-- XMLRPC:
- . Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).
- (Asher Baker)
-
-- Date:
- . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)
-
- Libxml:
. Fixed bug #78279 (libxml_disable_entity_loader settings is shared between
requests (cgi-fcgi)). (Nikita)
@@ -68,14 +63,28 @@ PHP NEWS
. Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
(Andrew Collington)
+- Phar:
+ . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)
+
- Phpdbg:
. Fixed bug #78297 (Include unexistent file memory leak). (Nikita)
+- PDO_Sqlite:
+ . Fixed bug #78192 (SegFault when reuse statement after schema has changed).
+ (Vincent Quatrevieux)
+
+- SQLite:
+ . Upgraded to SQLite 3.28.0. (cmb)
+
- Standard:
. Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
(cmb)
. Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)
+- XMLRPC:
+ . Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).
+ (Asher Baker)
+
04 Jul 2019, PHP 7.2.20
- Core: