. Fixed bug #69487 (SAPI may truncate POST data). (cmb)
. Fixed bug #70198 (Checking liveness does not work as expected).
(Shafreeck Sea, Anatol Belski)
- . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
+ . Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
+ (CVE-2015-6834) (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
- (taoguangchen at icloud dot com)
+ (CVE-2015-6835) (taoguangchen at icloud dot com)
- CLI server:
. Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
- (Stas)
+ (CVE-2015-6836) (Stas)
- SPL:
. Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
- SplObjectStorage). (taoguangchen at icloud dot com)
+ SplObjectStorage). (CVE-2015-6834) (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
- SplDoublyLinkedList). (taoguangchen at icloud dot com)
+ SplDoublyLinkedList). (CVE-2015-6834) (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
INI_SCANNER_TYPED). (Tjerk)
- XSLT:
- . Fixed bug #69782 (NULL pointer dereference). (Stas)
+ . Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
+ (Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
- creating directories). (neal at fb dot com)
+ creating directories). (CVE-2014-9767) (neal at fb dot com)
06 Aug 2015, PHP 5.6.12
projects / php / commitdiff