- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
-?? ??? 2016 PHP 7.0.10
+18 Aug 2016 PHP 7.0.10
- Core:
. Fixed bug #72629 (Caught exception assignment to variables ignores
(Yuji Uchiyama)
. Fixed potential segfault in object storage freeing in shutdown sequence.
(Bob)
+ . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
+ __wakeup() in Deserialization). (Stas)
+ . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
. Fixed bug #72683 (getmxrr broken). (Anatol)
+ . Fixed bug #72742 (memory allocator fails to realloc small block to large
+ one). (Stas)
+
+- Bz2:
+ . Fixed bug #72837 (integer overflow in bzdecompress caused heap
+ corruption). (Stas)
- Calendar:
. Fixed bug #67976 (cal_days_month() fails for final month of the French
. Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
(Pierrick)
. Fixed bug #71929 (CURLINFO_CERTINFO data parsing error). (Pierrick)
+ . Fixed bug #72674 (Heap overflow in curl_escape). (Stas)
- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
- EXIF:
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
+ . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
blendingmode). (cmb)
. Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
. Fixed bug #68712 (suspicious if-else statements). (cmb)
+ . Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
+ . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)
- Intl:
. Fixed bug #72639 (Segfault when instantiating class that extends
. Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
(ju1ius)
+- Mcrypt:
+ . Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas)
+
- Opcache:
. Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
(Keyur)
. Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML
element). (Laruence)
+- SNMP:
+ . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
+ allocation). (djodjo at gmail dot com)
+
- SPL:
. Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VÄ‚LCIU)
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
. Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
. Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
non-existent directories). (vhuk)
+ . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
+ attack). (Stas)
- XMLRPC:
. Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
. Fixed bug #72564 (boolean always deserialized as "true") (Remi)
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
wddx_serialize_value()). (Taoguang Chen)
-
+ . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
+ . Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
+ . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
+ (Stas)
+ . Fixed bug #72799 (wddx_deserialize null dereference in
+ php_wddx_pop_element). (Stas)
- Zip:
. Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
projects / php / commitdiff