summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'PHP-5.6'PHP-5.4Matteo Beccati2015-09-021-0/+2
| | | | | * PHP-5.6: Added missing skipif for phar+zlib test
* bump versionStanislav Malyshev2015-09-013-4/+6
|
* fix unit testsStanislav Malyshev2015-09-013-3/+3
|
* add NEWS for fixesStanislav Malyshev2015-09-011-1/+35
|
* Merge branch 'PHP-5.4.45' into PHP-5.4Stanislav Malyshev2015-09-0124-877/+1018
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4.45: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782
| * Improve fix for #70172Stanislav Malyshev2015-09-013-1/+72
| |
| * Fix bug #70312 - HAVAL gives wrong hashes in specific casesStanislav Malyshev2015-09-012-5/+23
| |
| * fix testStanislav Malyshev2015-09-011-1/+1
| |
| * add testStanislav Malyshev2015-09-011-0/+50
| |
| * Fix bug #70366 - use-after-free vulnerability in unserialize() with ↵Stanislav Malyshev2015-09-013-1/+56
| | | | | | | | SplDoublyLinkedList
| * Fix bug #70365 - use-after-free vulnerability in unserialize() with ↵Stanislav Malyshev2015-09-012-0/+52
| | | | | | | | SplObjectStorage
| * Fix bug #70172 - Use After Free Vulnerability in unserialize()Stanislav Malyshev2015-08-314-42/+121
| |
| * Fix bug #70388 - SOAP serialize_function_call() type confusionStanislav Malyshev2015-08-312-44/+69
| |
| * Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when ↵Stanislav Malyshev2015-08-302-39/+72
| | | | | | | | creating directories
| * Improve fix for #70385Stanislav Malyshev2015-08-291-2/+2
| |
| * Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)Stanislav Malyshev2015-08-282-76/+100
| |
| * Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte ↵Stanislav Malyshev2015-08-281-104/+104
| | | | | | | | value of 32 bytes)
| * Fix bug #70219 (Use after free vulnerability in session deserializer)Stanislav Malyshev2015-08-236-498/+228
| |
| * Fix for bug #69782Stanislav Malyshev2015-08-161-69/+73
| |
* | Add CVE IDs asigned (post release) to PHP 5.4.43Lior Kaplan2015-08-101-3/+4
| |
* | Add CVE IDs asigned to #69085 (PHP 5.4.39)Lior Kaplan2015-08-101-1/+1
|/
* 5.4.45 nextStanislav Malyshev2015-08-043-5/+7
|
* fix testStanislav Malyshev2015-08-041-2/+2
|
* __wakeup doesn't have to be finalStanislav Malyshev2015-08-041-1/+1
|
* fix testStanislav Malyshev2015-08-041-4/+7
|
* update NEWSStanislav Malyshev2015-08-041-2/+30
|
* Merge branch 'PHP-5.4' into PHP-5.4.44Stanislav Malyshev2015-08-044-9/+21
|\ | | | | | | | | | | * PHP-5.4: Fixed bug #69892 Adjust Git-Rules
| * Fixed bug #69892Nikita Popov2015-08-013-3/+15
| |
| * Adjust Git-RulesJulien Pauli2015-07-291-6/+6
| |
* | Fix bug #70019 - limit extracted files to given directoryStanislav Malyshev2015-08-043-4/+68
| |
* | Do not do convert_to_* on unserialize, it messes up referencesStanislav Malyshev2015-08-043-79/+85
| |
* | Fix #69793 - limit what we accept when unserializing exceptionStanislav Malyshev2015-08-013-0/+46
| |
* | Fixed bug #70169 (Use After Free Vulnerability in unserialize() with ↵Stanislav Malyshev2015-08-012-12/+43
| | | | | | | | SplDoublyLinkedList)
* | Fixed bug #70166 - Use After Free Vulnerability in unserialize() with ↵Stanislav Malyshev2015-08-012-0/+32
| | | | | | | | SPLArrayObject
* | ignore signatures for packages tooStanislav Malyshev2015-08-012-3/+22
| |
* | Fix bug #70168 - Use After Free Vulnerability in unserialize() with ↵Stanislav Malyshev2015-08-012-33/+54
| | | | | | | | SplObjectStorage
* | Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytesStanislav Malyshev2015-07-261-4/+2
| |
* | Improved fix for Bug #69441Stanislav Malyshev2015-07-261-5/+8
| |
* | Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)Stanislav Malyshev2015-07-262-43/+56
| |
* | Fix bug #70121 (unserialize() could lead to unexpected methods execution / ↵Stanislav Malyshev2015-07-262-8/+18
| | | | | | | | NULL pointer deref)
* | Fix bug #70081: check types for SOAP variablesStanislav Malyshev2015-07-261-10/+13
|/
* 5.4.44 nextStanislav Malyshev2015-07-073-4/+6
|
* Better fix for bug #69958Stanislav Malyshev2015-07-072-9/+15
|
* update newsStanislav Malyshev2015-07-071-1/+10
|
* Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)Stanislav Malyshev2015-07-071-25/+40
|
* Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepathStanislav Malyshev2015-07-071-2/+8
|
* Fix bug #69958 - Segfault in Phar::convertToData on invalid fileStanislav Malyshev2015-07-073-34/+50
|
* add missing second argument for ucfirst to the protoFerenc Kovacs2015-07-071-1/+1
|
* Merge branch 'pull-request/1350' into PHP-5.4Stanislav Malyshev2015-06-284-3/+90
|\ | | | | | | | | | | * pull-request/1350: Move strlen() check to php_mail_detect_multiple_crlf() Fixed Bug #69874 : Can't set empty additional_headers for mail()
| * Move strlen() check to php_mail_detect_multiple_crlf()Yasuo Ohgaki2015-06-191-2/+2
| |
View Lorry Controller Status