summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* 5.6.40php-5.6.40PHP-5.6.40Ferenc Kovacs2019-01-093-8/+6
|
* 5.6.41 will be next. not reallyPHP-5.6Ferenc Kovacs2019-01-093-5/+7
|
* Fix bug #77418 - Heap overflow in utf32be_mbc_to_codeStanislav Malyshev2019-01-066-5/+25
|
* [ci skip] Add NEWSStanislav Malyshev2019-01-061-0/+22
|
* Fix more issues with encodilng lengthStanislav Malyshev2019-01-066-14/+38
| | | | Should fix bug #77381, bug #77382, bug #77385, bug #77394.
* Fix #77270: imagecolormatch Out Of Bounds Write on HeapChristoph M. Becker2019-01-062-2/+20
| | | | | | | At least some of the image reading functions may return images which use color indexes greater than or equal to im->colorsTotal. We cater to this by always using a buffer size which is sufficient for `gdMaxColors` in `gdImageColorMatch()`.
* Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)Stanislav Malyshev2019-01-062-2/+19
|
* Fix bug #77371 (heap buffer overflow in mb regex functions - ↵Stanislav Malyshev2019-01-062-0/+11
| | | | compile_string_node)
* Fix bug #77370 - check that we do not read past buffer end when parsing ↵Stanislav Malyshev2019-01-062-0/+22
| | | | multibytes
* Fix #77269: Potential unsigned underflow in gdImageScaleChristoph M. Becker2019-01-062-9/+30
| | | | | | Belatedly, we're porting the respective upstream patch[1]. [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>
* Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)Stanislav Malyshev2019-01-062-1/+15
|
* Fix bug #77242 (heap out of bounds read in xmlrpc_decode())Stanislav Malyshev2019-01-062-0/+13
|
* Regenerate certs for openssl testsAlexander Kurilo2019-01-025-44/+91
|
* 5.6.40 will be next. probably notFerenc Kovacs2018-12-053-5/+7
|
* Fix null pointer deref in qprint-encode filter (bug #77231)Stanislav Malyshev2018-12-033-1/+16
|
* Fix bug #77143 - add more checks to buffer readsStanislav Malyshev2018-12-035-11/+42
|
* Fix #77020: null pointer dereference in imap_mailStanislav Malyshev2018-12-033-1/+16
| | | | | | If an empty $message is passed to imap_mail(), we must not set message to NULL, since _php_imap_mail() is not supposed to handle NULL pointers (opposed to pointers to NUL).
* Fix TSRM signature - php_stream_stat macro has it's own TSRMStanislav Malyshev2018-12-021-1/+1
|
* Regenerate certificates for openssl testsAlexander Kurilo2018-12-024-73/+58
|
* Improve test for bug77022Stanislav Malyshev2018-12-021-1/+5
|
* Fix bug #77022 - use file mode or umask for new filesStanislav Malyshev2018-12-014-2/+50
|
* Add DISPLAY_INI_ENTRIES for imapStanislav Malyshev2018-11-281-0/+2
|
* Disable rsh/ssh functionality in imap by default (bug #77153)Stanislav Malyshev2018-11-205-0/+53
|
* 5.6.39 will be the nextFerenc Kovacs2018-09-113-5/+7
|
* Update NEWSStanislav Malyshev2018-09-091-0/+3
|
* Fix for bug #76582Stanislav Malyshev2018-09-091-0/+1
| | | | | The brigade seems to end up in a messed up state if something fails in shutdown, so we clean it up.
* 5.6.38 will be nextFerenc Kovacs2018-07-193-5/+7
|
* Add NEWSStanislav Malyshev2018-07-161-0/+9
|
* Fixed bug #76459 windows linkinfo lacks openbasedir checkAnatol Belski2018-07-161-1/+12
|
* Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif dataStanislav Malyshev2018-07-163-1/+83
| | | | Use MAKERNOTE length as data size.
* Fix bug #76423 - Int Overflow lead to Heap OverFlow in ↵Stanislav Malyshev2018-07-163-1/+23
| | | | exif_thumbnail_extract of exif.c
* 5.6.37 will be nextFerenc Kovacs2018-04-243-5/+21
|
* Fix test portabilityAnatol Belski2018-04-241-2/+4
|
* Fix tsrm_lsStanislav Malyshev2018-04-231-1/+1
|
* Merge remote-tracking branch 'security/bug76249' into PHP-5.6Stanislav Malyshev2018-04-232-0/+21
|\ | | | | | | | | | | * security/bug76249: Fix test Fix bug #76249 - fail on invalid sequences
| * Fix testStanislav Malyshev2018-04-221-2/+4
| |
| * Fix bug #76249 - fail on invalid sequencesStanislav Malyshev2018-04-222-0/+19
| |
* | Merge remote-tracking branch 'security/bug76248' into PHP-5.6Stanislav Malyshev2018-04-232-1/+45
|\ \ | | | | | | | | | | | | * security/bug76248: Fix bug #76248 - Malicious LDAP-Server Response causes Crash
| * | Fix bug #76248 - Malicious LDAP-Server Response causes CrashStanislav Malyshev2018-04-222-1/+45
| |/
* | Fix #76129 - remove more potential unfiltered outputs for pharStanislav Malyshev2018-04-2313-16/+14
| |
* | Merge remote-tracking branch 'security/PHP-5.6' into PHP-5.6Stanislav Malyshev2018-04-234-1/+21
|\ \ | |/ |/| | | | | | | * security/PHP-5.6: Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value Fix bug #75981: prevent reading beyond buffer start
| * Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_valueChristoph M. Becker2018-04-224-1/+21
| | | | | | | | | | | | The MakerNote is not necessarily null-terminated, so we must not use `strlen()` to avoid OOB reads. Instead `php_strnlen()` is the proper way to handle this.
| * Fix bug #75981: prevent reading beyond buffer startStanislav Malyshev2018-02-202-2/+34
| |
* | [ci skip] 5.6.36 will be nextFerenc Kovacs2018-03-283-5/+7
| |
* | [ci skip] Update NEWSAnatol Belski2018-03-271-0/+4
| |
* | Do not set PR_SET_DUMPABLE by defaultJakub Zelenka2018-03-274-1/+11
| |
* | 5.6.35 is nextFerenc Kovacs2018-02-273-5/+7
| |
* | [ci skip] Update NEWSAnatol Belski2018-02-271-0/+3
| |
* | Fix bug #75981: prevent reading beyond buffer startStanislav Malyshev2018-02-262-2/+34
| |
* | [ci skip] Set FPM maintainershipStanislav Malyshev2018-02-231-1/+1
|/ | | | | As per http://news.php.net/php.internals/101897, Jakub is officially annointed as new FPM maintainer.
View Lorry Controller Status