From: Stanislav Malyshev Date: Tue, 17 Feb 2015 05:56:20 +0000 (+0100) Subject: Merge branch 'PHP-5.5' into PHP-5.6 X-Git-Tag: PRE_PHP7_EREG_MYSQL_REMOVALS~134^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=78389b29f9b2f8e2ade3a60382d567c839c4118c;p=php Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) Port for for bug #68552 Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - BFN --- 78389b29f9b2f8e2ade3a60382d567c839c4118c diff --cc NEWS index 86ebfd3f59,c4c30e6e22..279439d861 --- a/NEWS +++ b/NEWS @@@ -32,22 -39,17 +32,28 @@@ (Danack at basereality dot com) . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas) + . Fixed bug #68942 (Use after free vulnerability in unserialize() with + DateTimeZone). (Stas) - -- Date: - . Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick) + . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset + specified by ini_set) (Yasuo) - Dba: . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) ++- Enchant: ++ . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()). ++ (Antony) ++ +- JSON: + . Fixed bug #50224 (json_encode() does not always encode a float as a float) + by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso) + - Fileinfo: . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers) + . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files + correctly). (Anatol) + . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some + gifs). (Anatol) - FPM: . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)