alt-php56-5.6.27-1

  • (core) 73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c;
  • (core) 73058: crypt broken when salt is 'too' long;
  • (core) 72703: Out of bounds global memory read in BF_crypt triggered by password_verify;
  • (core) 73189: Memcpy negative size parameter php_resolve_path;
  • (core) 73147: Use After Free in unserialize();
  • (bcmath) 73190: memcpy negative parameter _bc_new_num_ex;
  • (dom) 73150: missing NULL check in dom_document_save_html;
  • (ereg) [73284|https://bugs.php.net/73150}: heap overflow in php_ereg_replace function;
  • (filter) 72972: Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE;
  • (filter) 67167: Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE;
  • (filter) 73054: default option ignored when object passed to int filter;
  • (gd) 67325: imagetruecolortopalette: white is duplicated in palette;
  • (gd) 50194: imagettftext broken on transparent background w/o alphablending;
  • (gd) 73003: Integer Overflow in gdImageWebpCtx of gd_webp.c;
  • (gd) 53504: imagettfbbox gives incorrect values for bounding box;
  • (gd) 73157: imagegd2() ignores 3rd param if 4 are given;
  • (gd) 73155: imagegd2() writes wrong chunk sizes on boundaries;
  • (gd) 73159: imagegd2(): unrecognized formats may result in corrupted files;
  • (gd) 73161: imagecreatefromgd2() may leak memory;
  • (intl) 73218: add mitigation for ICU int overflow;
  • (imap) 73208: integer overflow in imap_8bit caused heap corruption;
  • (mbstring) 72994: mbc_to_code() out of bounds read;
  • (mbstring) 66964: mb_convert_variables() cannot detect recursion;
  • (mbstring) 72992: mbstring.internal_encoding doesn't inherit default_charset;
  • (mbstring) 73082: string length overflow in mb_encode_* function;
  • (pcre) 73174: heap overflow in php_pcre_replace_impl;
  • (opcache) 72590: Opcache restart with kill_all_lockers does not work;
  • (openssl) 73072: Invalid path SNI_server_certs causes segfault;
  • (openssl) 73275: crash in openssl_encrypt function;
  • (openssl) 73276: crash in openssl_random_pseudo_bytes function;
  • (session): 68015: Session does not report invalid uid for files save handler;
  • (session): 73100: session_destroy null dereference in ps_files_path_create;
  • (simplexml) 73293: NULL pointer dereference in SimpleXMLElement::asXML();
  • (spl) 73073: CachingIterator null dereference when convert to string;
  • (standard) 73240: Write out of bounds at number_format;
  • (standard) 73017: memory corruption in wordwrap function;
  • (stream) 73069: readfile() mangles files larger than 2G;
  • (zip) 70752: Depacking with wrong password leaves 0 length files.

alt-php70-7.0.12-1

  • #73025 : (core) Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c;
  • #72703 : (core) Out of bounds global memory read in BF_crypt triggered by password_verify;
  • #73058 : (core) crypt broken when salt is 'too' long;
  • #69579 : (core) Invalid free in extension trait;
  • #73156 : (core) segfault on undefined function;
  • #73163 : (core) PHP hangs if error handler throws while accessing undef const in default value;
  • #73172 : (core) parse error: Invalid numeric literal;
  • #73240 : (core) Write out of bounds at number_format;
  • #73147 : (core) Use After Free in PHP7 unserialize();
  • #73189 : (core) Memcpy negative size parameter php_resolve_path;
  • #73190 : (bcmath) memcpy negative parameter _bc_new_num_ex;
  • #73126 : (com) Cannot pass parameter 1 by reference;
  • #73091 : (date) Unserializing DateInterval object may lead to __toString invocation;
  • #73150 : (dom) missing NULL check in dom_document_save_html;
  • #72972 : (filter) Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE;
  • #73054 : (filter) default option ignored when object passed to int filter;
  • #67325 : (gd) imagetruecolortopalette: white is duplicated in palette;
  • #50194 : (gd) imagettftext broken on transparent background w/o alphablending;
  • #73003 : (gd) Integer Overflow in gdImageWebpCtx of gd_webp.c;
  • #53504 : (gd) imagettfbbox gives incorrect values for bounding box;
  • #73157 : (gd) imagegd2() ignores 3rd param if 4 are given;
  • #73155 : (gd) imagegd2() writes wrong chunk sizes on boundaries;
  • #73159 : (gd) imagegd2(): unrecognized formats may result in corrupted files;
  • #73161 : (gd) imagecreatefromgd2() may leak memory;
  • #73218 : (intl) add mitigation for ICU int overflow;
  • #66797 : (mbstring) mb_substr only takes 32-bit signed integer;
  • #66964 : (mbstring) mb_convert_variables() cannot detect recursion;
  • #72992 : (mbstring) mbstring.internal_encoding doesn't inherit default_charset;
  • #72489 : (mysqlnd) PHP Crashes When Modifying Array Containing MySQLi Result Data;
  • #72982 : (opcache) Memory leak in zend_accel_blacklist_update_regexp() function;
  • #73072 : (openssl) Invalid path SNI_server_certs causes segfault;
  • #73276 : (openssl) crash in openssl_random_pseudo_bytes function;
  • #73275 : (openssl) crash in openssl_encrypt function;
  • #73121 : (pcre) Bundled PCRE doesn't compile because JIT isn't supported on s390;
  • #73174 : (pcre) heap overflow in php_pcre_replace_impl;
  • #72414 : (pdo_dblib) Never quote values as raw binary data;
  • (pdo_dblib) Allow \PDO::setAttribute() to set query timeouts;
  • (pdo_dblib) Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions;
  • (pdo_dblib) Add common PDO test suite;
  • (pdo_dblib) Free error and message strings when cleaning up PDO instances;
  • (pdo_dblib) Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched;
  • (pdo_dblib) Ignore potentially misleading dberr values;
  • #72996 : (phpdbg) phpdbg_prompt.c undefined reference to DL_LOAD;
  • (phpdbg) Fixed next command not stopping when leaving function;
  • #68015 : (session) Session does not report invalid uid for files save handler;
  • #73100 : (session) session_destroy null dereference in ps_files_path_create;
  • #73293 : (simplexml) NULL pointer dereference in SimpleXMLElement::asXML();
  • #71711 : (soap) Soap Server Member variables reference bug;
  • #71996 : (soap) Using references in arrays doesn't work like expected;
  • #73257 : (spl) Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key;
  • #70752 : (zip) Depacking with wrong password leaves 0 length files;
  • updated bundled SQLite3 to 3.14.2.


Tuesday, October 18, 2016



« Retour