author | Lior Kaplan <kaplanlior@gmail.com> | 2016-06-25 20:28:51 +0300 |
---|---|---|
committer | Lior Kaplan <kaplanlior@gmail.com> | 2016-06-25 20:28:51 +0300 |
commit | 6bd527771c9bbe8827b5579c440c9d04a794adfd (patch) | |
tree | 9116043907d5ae2a2ba3257fdcc97a586ff1768f | |
parent | 02c24be8e4ab9b871a345b9bc40bd0907ac1c5c3 (diff) | |
download | php-git-6bd527771c9bbe8827b5579c440c9d04a794adfd.tar.gz |
Add CVE info for PHP 5.6.23
-rw-r--r-- | NEWS | 30 |
1 files changed, 17 insertions, 13 deletions
@@ -45,42 +45,46 @@ PHP NEWS . Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874) (cmb) . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas) - . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre) + . Fixed bug #72337 (invalid dimensions can lead to crash). (Pierre) . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in - heap overflow). (Pierre) + heap overflow). (CVE-2016-5766) (Pierre) . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting - in heap overflow). (Pierre) + in heap overflow). (CVE-2016-5767) (Pierre) - Intl: . Fixed bug #70484 (selectordinal doesn't work with named parameters). (Anatol) - mbstring: - . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas) + . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). + (CVE-2016-5768) (Stas) - mcrypt: - . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas) + . Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769) + (Stas) + +- OpenSSL: + . Fixed bug #72140 (segfault after calling ERR_free_strings()). + (Jakub Zelenka) - Phar: . Fixed bug #72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com) - SPL: - . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas) + . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). + (CVE-2016-5770) (Stas) . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and - unserialize). (Dmitry) - -- OpenSSL: - . Fixed bug #72140 (segfault after calling ERR_free_strings()). - (Jakub Zelenka) + unserialize). (CVE-2016-5771) (Dmitry) - WDDX: - . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas) + . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). + (CVE-2016-5772) (Stas) - zip: . 
Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC - algorithm and unserialize). (Dmitry) + algorithm and unserialize). (CVE-2016-5773) (Dmitry) 26 May 2016, PHP 5.6.22 |
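Review bot: The rewritten WDDX entry for bug #72340 still carries the misspelling "Double Free Courruption"; since that line is being replaced anyway, change it to "Corruption" unless the spelling is kept on purpose to match the bug title. Separately, the hunk moves the "- OpenSSL:" block (bug #72140) from after SPL to before Phar and adds the missing period to the #72337 entry. Neither change is CVE information, so the subject "Add CVE info for PHP 5.6.23" undersells the diff. Mention the reordering and punctuation fix in the commit message, or split them into their own commit, so that someone auditing which entries gained CVE identifiers (CVE-2016-5766 through CVE-2016-5773 here) is not distracted by unrelated moves.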