PHP 3 ChangeLog

Version 5.4.45 Download

03 Sep 2015

  • Core:
    • Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (CVE-2015-6834)
    • Fixed bug #70219 (Use after free vulnerability in session deserializer). (CVE-2015-6835)
  • EXIF:
    • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
  • hash:
    • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
  • PCRE:
    • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
  • SOAP:
    • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (CVE-2015-6836)
  • SPL:
    • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)
    • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)
  • XSLT:
    • Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
  • ZIP:
    • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)
Version 5.4.44 Download

06 Aug 2015

  • Core:
    • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
    • Fixed bug #69892 (Different arrays compare identical due to integer key truncation).
    • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).
  • OpenSSL:
    • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
  • Phar:
    • Improved fix for bug #69441.
    • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). (CVE-2015-6833)
  • SOAP:
    • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).
  • SPL:
    • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). (CVE-2015-6832)
    • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). (CVE-2015-6831)
    • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6831)
    • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6831)
Version 5.4.43 Download

09 Jul 2015

  • Core:
    • Fixed bug #69768 (escapeshell*() doesn't cater to !).
    • Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776.
  • Mysqlnd:
    • Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
  • Phar:
    • Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
    • Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
Version 5.4.42 Download

11 Jun 2015

  • Core:
    • Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
    • Fixed bug #69646 (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
    • Fixed bug #69719 (Incorrect handling of paths with NULs). (CVE-2015-4598)
  • Litespeed SAPI:
    • Fixed bug #68812 (Unchecked return value).
  • Mail:
    • Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers).
  • Postgres:
    • Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644)
  • Sqlite3:
    • Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)
Version 5.4.41 Download

14 May 2015

  • Core:
    • Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
    • Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
    • Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
    • Fixed bug #69522 (heap buffer overflow in unpack()).
  • FTP:
    • Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
  • PCNTL:
    • Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
  • PCRE:
    • Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
  • Phar:
    • Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)
Version 5.4.40 Download

16 Apr 2015

  • Apache2handler:
    • Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
  • Core:
    • Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
    • Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
    • Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (CVE-2015-3411, CVE-2015-3412)
  • cURL:
    • Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
  • Ereg:
    • Fixed bug #68740 (NULL Pointer Dereference).
  • Fileinfo:
    • Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (CVE-2015-4604, CVE-2015-4605)
  • GD:
    • Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
  • Phar:
    • Fixed bug #68901 (use after free). (CVE-2015-2301)
    • Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783, CVE-2015-3307)
    • Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
  • Postgres:
    • Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)
  • SOAP:
    • Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault). (CVE-2015-4599)
    • Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
  • Sqlite3:
    • Fixed bug #66550 (SQLite prepared statement use-after-free).
Version 5.4.39 Download

19 Mar 2015

  • Core:
    • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
    • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
    • Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
  • Ereg:
    • Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
  • SOAP:
    • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)
  • ZIP:
    • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)
Version 5.4.38 Download

19 Feb 2015

  • Core:
    • Removed support for multi-line headers, as they are deprecated by RFC 7230.
    • Added NULL byte protection to exec, system and passthru.
    • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
    • Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
    • Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
  • Enchant:
    • Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (CVE-2014-9705)
  • SOAP:
    • Fixed bug #67427 (SoapServer cannot handle large messages).
Version 5.4.37 Download

22 Jan 2015

  • Core:
    • Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
  • CGI:
    • Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
  • EXIF:
    • Fixed bug #68799 (Free called on uninitialized pointer). (CVE-2015-0232)
  • Fileinfo:
    • Removed readelf.c and related code from libmagic sources.
    • Fixed bug #68735 (fileinfo out-of-bounds memory access). (CVE-2014-9652)
  • OpenSSL:
    • Fixed bug #55618 (use case-insensitive cert name matching).
Version 5.4.36 Download

18 Dec 2014

  • Core:
    • Upgraded crypt_blowfish to version 1.3.
    • Fixed bug #68545 (NULL pointer dereference in unserialize.c).
    • Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
  • Mcrypt:
    • Fixed possible read after end of buffer and use after free.
Version 5.4.35 Download

13 Nov 2014

  • Core:
    • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
  • Fileinfo:
    • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
  • GMP:
    • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
  • PDO_pgsql:
    • Fixed bug #66584 (Segmentation fault on statement deallocation).
Version 5.4.34 Download

16 Oct 2014

  • Fileinfo:
    • Fixed bug #66242 (libmagic: don't assume char is signed).
  • Core:
    • Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
    • Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
  • cURL:
    • Fixed bug #68089 (NULL byte injection - cURL lib).
  • EXIF:
    • Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
  • OpenSSL:
    • Reverted fixes for bug #41631, due to regressions.
  • XMLRPC:
    • Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
Version 5.4.33 Download

18 Sep 2014

  • Core:
    • Fixed bug #47358 (glob returns error, should be empty array()).
    • Fixed bug #65463 (SIGSEGV during zend_shutdown()).
    • Fixed bug #66036 (Crash on SIGTERM in apache process).
  • OpenSSL:
    • Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
  • Date:
    • Fixed bug #66091 (memory leaks in DateTime constructor).
  • FPM:
    • Fixed bug #67606 (FPM with mod_fastcgi/apache2.4 is broken).
  • GD:
    • Made fontFetch's path parser thread-safe.
  • Wddx:
    • Fixed bug #67873 (Segfaults in php_wddx_serialize_var).
  • Zlib:
    • Fixed bug #67724 (chained zlib filters silently fail with large amounts of data).
    • Fixed bug #67865 (internal corruption phar error).
Version 5.4.32 Download

21 Aug 2014

  • Core:
    • Fixed bug #67717 (segfault in dns_get_record) (CVE-2014-3597).
    • Fixed bug #67693 (incorrect push to the empty array)
  • COM:
    • Fixed missing type checks in com_event_sink.
  • Fileinfo:
    • Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
    • Fixed bug #67716 (Segfault in cdf.c) (CVE-2014-3587).
  • GD:
    • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
    • Fixed bug #67730 (Null byte injection possible with imagexxx functions) (CVE-2014-5120).
  • Milter:
    • Fixed bug #67715 (php-milter does not build and crashes randomly).
  • OpenSSL:
    • Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
  • Readline:
    • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
    • Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
  • Sessions:
    • Fixed missing type checks in php_session_create_id.
  • SPL:
    • Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting) (CVE-2014-4698).
    • Fixed bug #67538 (SPL Iterators use-after-free) (CVE-2014-4670).
  • ODBC:
    • Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields).
Version 5.4.31 Download

24 Jul 2014

  • Core:
    • Fixed bug #67428 (header('Location: foo') will override a 308-399 response code).
    • Fixed bug #67436 (Autoloader isn't called if two method definitions don't match).
    • Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
    • Fixed bug #67151 (strtr with empty array crashes).
    • Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).
  • CLI server:
    • Implemented FR #67429 (CLI server is missing some new HTTP response codes).
    • Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
  • FPM:
    • Fixed bug #67530 (error_log=syslog ignored).
    • Fixed bug #67531 (syslog cannot be set in pool configuration).
  • Intl:
    • Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
  • pgsql:
    • Fixed bug #67550 (Error in code 'form' instead of 'from', pgsql.c, line 756), which affected builds against libpq
  • Phar:
    • Fixed bug #67587 (Redirection loop on nginx with FPM).
  • Streams:
    • Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects).
Version 5.4.30 Download

26 Jun 2014

  • Core:
    • Fixed BC break introduced by patch for bug #67072.
    • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases).
    • Fixed bug #67390 (insecure temporary file use in the configure script) (CVE-2014-3981).
    • Fixed bug #67399 (putenv with empty variable may lead to crash).
    • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)
  • CLI server:
    • Fixed bug #67406 (built-in web-server segfaults on startup).
  • Date:
    • Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    • Fixed regression in fix for bug #67118 (constructor can't be called twice).
  • Fileinfo:
    • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check) (CVE-2014-0207).
    • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size) (CVE-2014-3478).
    • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check) (CVE-2014-3479).
    • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check) (CVE-2014-3480).
    • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check) (CVE-2014-3487).
  • Intl:
    • Fixed bug #67349 (Locale::parseLocale Double Free).
    • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
  • Network:
    • Fixed bug #67432 (Fix potential segfault in dns_get_record()) (CVE-2014-4049).
  • OpenSSL:
    • Fixed bug #65698 (certificates validity parsing does not work past 2050).
    • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
  • SOAP:
    • Implemented FR #49898 (Add SoapClient::__getCookies()).
  • SPL:
    • Fixed bug #66127 (Segmentation fault with ArrayObject unset).
    • Fixed bug #67359 (Segfault in recursiveDirectoryIterator).
    • Fixed bug #67360 (Missing element after ArrayObject::getIterator).
    • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
Version 5.4.29 Download

29 May 2014

  • COM:
    • Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)).
  • Core:
    • Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()).
    • Fixed bug #67072 (Echoing unserialized 'SplFileObject' crash).
    • Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c).
    • Fixed bug #67247 (spl_fixedarray_resize integer overflow).
    • Fixed bug #67249 (printf out-of-bounds read).
    • Fixed bug #67250 (iptcparse out-of-bounds read).
    • Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
  • Fileinfo:
    • Fixed bug #66307 (Fileinfo crashes with powerpoint files).
    • Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
    • Fixed bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
  • Date:
    • Fixed bug #67118 (DateTime constructor crash with invalid data).
    • Fixed bug #67251 (date_parse_from_format out-of-bounds read).
    • Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read).
  • DOM:
    • Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset).
  • FPM:
    • Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
  • Phar:
    • Fixed bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name).
Version 5.4.28 Download

01 May 2014

  • Core:
    • Fixed bug #61019 (Out of memory on command stream_get_contents).
    • Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).
    • Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
    • Fixed bug #66182 (exit in stream filter produces segfault).
    • Fixed bug #66736 (fpassthru broken).
    • Fixed bug #67024 (getimagesize should recognize BMP files with negative height).
  • cURL:
    • Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
  • Date:
    • Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied).
  • Embed:
    • Fixed bug #65715 (php5embed.lib isn't provided anymore).
  • Fileinfo:
    • Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
  • FPM:
    • Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
    • Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185).
  • JSON:
    • Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).
  • LDAP:
    • Fixed issue with null bytes in LDAP bindings.
  • OpenSSL:
    • Fixed bug #66942 (memory leak in openssl_seal()).
    • Fixed bug #66952 (memory leak in openssl_open()).
  • SimpleXML:
    • Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
  • XSL:
    • Fixed bug #53965 ( cannot find files with relative paths when loaded with 'file://').
  • Apache2 Handler SAPI:
    • Fixed Apache log issue caused by APR's lack of support for %zu (APR issue 56120).
Version 5.4.27 Download

03 Apr 2014

  • Core:
    • Fixed bug #60602 (proc_open() changes environment array)
  • Fileinfo:
    • Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345)
  • FPM:
    • Added clear_env configuration directive to disable clearenv() call.
  • GMP:
    • Fixed bug #66872 (invalid argument crashes gmp_testbit)
  • Mail:
    • Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script)
  • MySQLi:
    • Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
  • Openssl:
    • Fixed bug #66833 (Default digest algo is still MD5, switch to SHA1)
Version 5.4.26 Download

06 Mar 2014

  • Date:
    • Fixed bug #44780 (some time zone offsets not recognized by timezone_name_from_abbr)
    • Fixed bug #45543 (DateTime::setTimezone can not set timezones without ID)
  • JSON:
    • Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
  • Fileinfo:
    • Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943).
    • Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).
  • LDAP:
    • Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
  • Openssl:
    • Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
  • Pgsql:
    • Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().
Version 5.4.25 Download

06 Feb 2014

  • Core:
    • Fixed bug #66286 (Incorrect object comparison with inheritance).
    • Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
  • mysqlnd:
    • Fixed bug #66283 (Segmentation fault after memory_limit).
  • PDO_pgsql:
    • Fixed bug #62479 (PDO-psql cannot connect if password contains spaces).
  • Session:
    • Fixed bug #66481 (Calls to session_name() segfault when session.name is null).
Version 5.4.24 Download

09 Jan 2014

  • Core:
    • Added validation of class names in the autoload process.
    • Fixed invalid C code in zend_strtod.c.
    • Fixed bug #61645 (fopen and O_NONBLOCK).
  • Date:
    • Fixed bug #66060 (Heap buffer over-read in DateInterval, CVE-2013-6712).
    • Fixed bug #63391 (Incorrect/inconsistent day of week prior to the year 1600).
    • Fixed bug #61599 (Wrong Day of Week).
  • DOM:
    • Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
  • Exif:
    • Fixed bug #65873 (Integer overflow in exif_read_data()).
  • Filter:
    • Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer).
  • GD:
    • Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
  • PDO_odbc:
    • Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
  • SNMP:
    • Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
  • XSL:
    • Fixed bug #49634 (Segfault throwing an exception in a XSL registered function).
  • ZIP:
    • Fixed bug #66321 (ZipArchive::open() ze_obj->filename_len not real).
Version 5.4.23 Download

12 Dec 2013

  • Core:
    • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string).
    • Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
  • JSON:
    • Fixed whitespace part of #64874 ('json_decode handles whitespace and case-sensitivity incorrectly').
  • MySQLi:
    • Fixed bug #66043 (Segfault calling bind_param() on mysqli).
  • mysqlnd:
    • Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param with 'i').
    • Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query).
  • OpenSSL:
    • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
  • PDO:
    • Fixed bug #65946 (sql_parser permanently converts values bound to strings).
Version 5.4.22 Download

14 Nov 2013

  • Core:
    • Fixed bug #65911 (scope resolution operator - strange behavior with $this).
  • CLI server:
    • Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding).
  • Exif:
    • Fixed crash on unknown encoding.
  • FTP:
    • Fixed bug #65667 (ftp_nb_continue produces segfault).
  • ODBC:
    • Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
  • Sockets:
    • Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
  • Standard:
    • Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).
  • XMLReader:
    • Fixed bug #51936 (Crash with clone XMLReader).
    • Fixed bug #64230 (XMLReader does not suppress errors).
Version 3.0.x Download