author | Stanislav Malyshev <stas@php.net> | 2015-09-01 11:53:59 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-09-01 11:53:59 -0700 |
commit | 7ceb0e3a186782ba007dfd4e867d7eed70437740 (patch) | |
tree | 9a62f752a6356061792a4a641441d13c35bc75a1 | |
parent | 48cfd1160b4667115f33c4398215759d5e0643d8 (diff) | |
download | php-git-7ceb0e3a186782ba007dfd4e867d7eed70437740.tar.gz |
add NEWS for fixes
-rw-r--r-- | NEWS | 36 |
1 files changed, 35 insertions, 1 deletions
@@ -1,6 +1,40 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? 2015 PHP 5.4.45 +03 Sep 2015 PHP 5.4.45 + +- Core: + . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) + . Fixed bug #70219 (Use after free vulnerability in session deserializer). + (taoguangchen at icloud dot com) + +- EXIF: + . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte + value of 32 bytes). (Stas) + +- hash: + . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee + at naver dot com) + +- PCRE: + . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). + (Anatol Belski) + +- SOAP: + . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). + (Stas) + +- SPL: + . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with + SplObjectStorage). (taoguangchen at icloud dot com) + . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with + SplDoublyLinkedList). (taoguangchen at icloud dot com) + +- XSLT: + . Fixed bug #69782 (NULL pointer dereference). (Stas) + +- ZIP: + . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when + creating directories). (neal at fb dot com) 06 Aug 2015 PHP 5.4.44 |
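Review bot: The XSLT entry for bug #69782 says only "NULL pointer dereference" and, unlike the other entries added here (unserialize(), exif_read_data, serialize_function_call(), ZipArchive::extractTo), names no affected function or class, so anyone triaging 5.4.45 has to open the bug to learn which code path is involved. Suggest adding the function name from the bug report to that line. The PCRE entry for #70345 ("Multiple vulnerabilities related to PCRE functions") has the same problem and would be more useful if it listed the functions concerned. As a style point, the "- hash:" section header is lowercase while every other header in the hunk (Core, EXIF, PCRE, SOAP, SPL, XSLT, ZIP) is capitalised; make it consistent with whichever form the rest of NEWS uses.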