diff options
| author | Stanislav Malyshev <stas@php.net> | 2015-08-04 15:29:13 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2015-08-04 15:29:13 -0700 |
| commit | ed709d5aa01375beb7e0b408c4027bbb9cfb52b6 (patch) | |
| tree | c5e62c1dfd5913b0dddefbe6c697ebb2967efe51 /sapi/phpdbg/phpdbg_utils.c | |
| parent | 8d31e463a0a310599f55b53443f14ebc05e9cd32 (diff) | |
| parent | d52c4857178cf30741905469c5a080bbdd973478 (diff) | |
| download | php-git-ed709d5aa01375beb7e0b408c4027bbb9cfb52b6.tar.gz | |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
Diffstat (limited to 'sapi/phpdbg/phpdbg_utils.c')
0 files changed, 0 insertions, 0 deletions