granicus.if.org Git - php/log
Stanislav Malyshev [Mon, 18 Jul 2016 07:17:48 +0000 (00:17 -0700)]
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Stanislav Malyshev [Sun, 17 Jul 2016 23:34:21 +0000 (16:34 -0700)]
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Stanislav Malyshev [Wed, 13 Jul 2016 06:27:45 +0000 (23:27 -0700)]
Fix bug #72562 - destroy var_hash properly
Stanislav Malyshev [Wed, 13 Jul 2016 05:37:36 +0000 (22:37 -0700)]
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Stanislav Malyshev [Wed, 13 Jul 2016 05:03:40 +0000 (22:03 -0700)]
Fix for bug #72520
Stanislav Malyshev [Wed, 13 Jul 2016 04:48:00 +0000 (21:48 -0700)]
Fix for bug #72513
Stanislav Malyshev [Wed, 13 Jul 2016 04:35:02 +0000 (21:35 -0700)]
CS fix and comments with bug ID
Stanislav Malyshev [Sun, 10 Jul 2016 23:17:54 +0000 (16:17 -0700)]
Fix for HTTP_PROXY issue.
The following changes are made:
- _SERVER/_ENV only has HTTP_PROXY if the local environment has it,
and only one from the environment.
- getenv('HTTP_PROXY') only returns one from the local environment
- getenv has optional second parameter, telling it to only consider
local environment
Anatol Belski [Wed, 6 Jul 2016 08:40:52 +0000 (10:40 +0200)]
add tests for bug #72512
Pierre Joye [Mon, 4 Jul 2016 08:35:20 +0000 (10:35 +0200)]
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Stanislav Malyshev [Mon, 27 Jun 2016 00:52:09 +0000 (17:52 -0700)]
Fixed bug #72479 - same as #72434
Julien Pauli [Tue, 21 Jun 2016 11:10:37 +0000 (13:10 +0200)]
5.5.38 now
Anatol Belski [Tue, 21 Jun 2016 07:42:38 +0000 (09:42 +0200)]
remove the huge test file, generate it on the fly instead
Stanislav Malyshev [Tue, 21 Jun 2016 07:18:27 +0000 (00:18 -0700)]
Now the right bug #
Stanislav Malyshev [Tue, 21 Jun 2016 07:14:50 +0000 (00:14 -0700)]
Fix NEWS
Stanislav Malyshev [Tue, 21 Jun 2016 06:58:26 +0000 (23:58 -0700)]
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
Stanislav Malyshev [Tue, 21 Jun 2016 06:45:37 +0000 (23:45 -0700)]
update NEWS
Stanislav Malyshev [Tue, 21 Jun 2016 06:31:54 +0000 (23:31 -0700)]
Merge branch 'PHP-5.5.37' into PHP-5.5
* PHP-5.5.37:
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Corruption in wddx_deserialize
Stanislav Malyshev [Tue, 21 Jun 2016 05:54:55 +0000 (22:54 -0700)]
fix tests
Stanislav Malyshev [Tue, 21 Jun 2016 05:13:31 +0000 (22:13 -0700)]
fix build
Stanislav Malyshev [Tue, 21 Jun 2016 04:51:42 +0000 (21:51 -0700)]
Fix bug #72455: Heap Overflow due to integer overflows
Stanislav Malyshev [Tue, 21 Jun 2016 04:35:22 +0000 (21:35 -0700)]
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Stanislav Malyshev [Tue, 21 Jun 2016 04:26:33 +0000 (21:26 -0700)]
Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Stanislav Malyshev [Sun, 19 Jun 2016 04:57:25 +0000 (21:57 -0700)]
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Stanislav Malyshev [Sun, 19 Jun 2016 04:48:39 +0000 (21:48 -0700)]
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Stanislav Malyshev [Sun, 19 Jun 2016 04:04:33 +0000 (21:04 -0700)]
Fix bug #72298 pass2_no_dither out-of-bounds access
Pierre Joye [Sat, 18 Jun 2016 18:15:10 +0000 (20:15 +0200)]
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Stanislav Malyshev [Thu, 16 Jun 2016 04:58:26 +0000 (21:58 -0700)]
Fix bug #72262 - do not overflow int
Stanislav Malyshev [Thu, 16 Jun 2016 04:46:46 +0000 (21:46 -0700)]
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Stanislav Malyshev [Tue, 14 Jun 2016 06:12:47 +0000 (23:12 -0700)]
Fix bug #72275: don't allow smart_str to overflow int
Stanislav Malyshev [Mon, 13 Jun 2016 06:18:23 +0000 (23:18 -0700)]
Fix bug #72340: Double Free Corruption in wddx_deserialize
Anatol Belski [Mon, 13 Jun 2016 06:12:22 +0000 (08:12 +0200)]
update NEWS
Christoph M. Becker [Mon, 20 Jul 2015 21:24:55 +0000 (23:24 +0200)]
Fix #66387: Stack overflow with imagefilltoborder
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
Remi Collet [Wed, 25 May 2016 14:17:12 +0000 (16:17 +0200)]
Skip test which is 64bits only
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more than
2147483647 in ...
Julien Pauli [Wed, 25 May 2016 09:37:58 +0000 (11:37 +0200)]
5.5.37 now
Stanislav Malyshev [Tue, 24 May 2016 23:12:01 +0000 (16:12 -0700)]
Fix memory leak in imagescale()
Stanislav Malyshev [Tue, 24 May 2016 22:56:02 +0000 (15:56 -0700)]
Update NEWS
Stanislav Malyshev [Tue, 24 May 2016 22:52:15 +0000 (15:52 -0700)]
Better fix for bug #72135
Stanislav Malyshev [Mon, 23 May 2016 07:28:02 +0000 (00:28 -0700)]
Fixed bug #72227: imagescale out-of-bounds read
Ported from https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a
Stanislav Malyshev [Mon, 23 May 2016 00:49:02 +0000 (17:49 -0700)]
Fix bug #72241: get_icu_value_internal out-of-bounds read
Stanislav Malyshev [Mon, 16 May 2016 06:26:51 +0000 (23:26 -0700)]
Fix bug #72135 - don't create strings with lengths outside int range
Stanislav Malyshev [Tue, 10 May 2016 05:17:20 +0000 (22:17 -0700)]
Add check for string overflow to all string add operations
Stanislav Malyshev [Tue, 10 May 2016 04:55:29 +0000 (21:55 -0700)]
Fix bug #72114 - int/size_t confusion in fread
Julien Pauli [Mon, 2 May 2016 14:52:58 +0000 (16:52 +0200)]
Updated NEWS
Julien Pauli [Mon, 2 May 2016 14:49:47 +0000 (16:49 +0200)]
Backport of fix for bug #71331 - Uninitialized pointer in phar_make_dirstream()
Lior Kaplan [Sun, 1 May 2016 11:14:57 +0000 (13:14 +0200)]
Update PHP 5.5 NEWS entries with CVE info
Julien Pauli [Fri, 29 Apr 2016 07:12:27 +0000 (09:12 +0200)]
Added CVE
Stanislav Malyshev [Fri, 15 Jan 2016 06:58:40 +0000 (22:58 -0800)]
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Julien Pauli [Wed, 27 Apr 2016 09:55:05 +0000 (11:55 +0200)]
Updated NEWS
Stanislav Malyshev [Wed, 27 Apr 2016 05:54:58 +0000 (22:54 -0700)]
Fix memory leak
Stanislav Malyshev [Mon, 25 Apr 2016 06:50:57 +0000 (23:50 -0700)]
Fix bug #72099: xml_parse_into_struct segmentation fault
Julien Pauli [Tue, 26 Apr 2016 20:34:00 +0000 (22:34 +0200)]
5.5.36 now
Stanislav Malyshev [Mon, 25 Apr 2016 02:33:52 +0000 (19:33 -0700)]
Fix bug #72094 - Out of bounds heap read access in exif header processing
Stanislav Malyshev [Mon, 25 Apr 2016 01:33:32 +0000 (18:33 -0700)]
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
We can not modify result since it can be copy of _zero_ or _one_, etc. and
"copy" in bcmath is just bumping the refcount.
Stanislav Malyshev [Sun, 24 Apr 2016 19:49:01 +0000 (12:49 -0700)]
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Stanislav Malyshev [Tue, 19 Apr 2016 05:20:22 +0000 (22:20 -0700)]
Fix for bug #71912 (libgd: signedness vulnerability)
Julien Pauli [Thu, 31 Mar 2016 15:45:07 +0000 (17:45 +0200)]
Typo in NEWS
Anatol Belski [Wed, 30 Mar 2016 23:33:38 +0000 (01:33 +0200)]
fix borked mainstream patch
Julien Pauli [Tue, 29 Mar 2016 16:11:03 +0000 (18:11 +0200)]
5.5.35 now
Anatol Belski [Tue, 29 Mar 2016 12:18:25 +0000 (14:18 +0200)]
fix dir separator in test
Anatol Belski [Sun, 27 Mar 2016 22:45:19 +0000 (00:45 +0200)]
Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file
The actual fix is applying the upstream patch from
https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
Anatol Belski [Wed, 16 Mar 2016 08:48:40 +0000 (09:48 +0100)]
Fixed bug #71704 php_snmp_error() Format String Vulnerability
Conflicts:
ext/snmp/snmp.c
Stanislav Malyshev [Tue, 29 Mar 2016 06:29:45 +0000 (23:29 -0700)]
Merge branch 'PHP-5.5.34' into PHP-5.5
* PHP-5.5.34:
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Stanislav Malyshev [Mon, 28 Mar 2016 08:22:37 +0000 (01:22 -0700)]
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Stanislav Malyshev [Mon, 28 Mar 2016 08:22:37 +0000 (01:22 -0700)]
Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
Stanislav Malyshev [Sun, 27 Mar 2016 21:22:19 +0000 (14:22 -0700)]
Fix bug #71798 - Integer Overflow in php_raw_url_encode
Stanislav Malyshev [Mon, 21 Mar 2016 03:54:09 +0000 (20:54 -0700)]
Fix bug #71860: Require valid paths for phar filenames
Julien Pauli [Wed, 2 Mar 2016 10:02:42 +0000 (11:02 +0100)]
Going for 5.5.34
Stanislav Malyshev [Wed, 2 Mar 2016 06:55:02 +0000 (22:55 -0800)]
fix test file
Stanislav Malyshev [Wed, 2 Mar 2016 06:47:27 +0000 (22:47 -0800)]
Fix version
Stanislav Malyshev [Wed, 2 Mar 2016 06:37:23 +0000 (22:37 -0800)]
Update NEWS
Stanislav Malyshev [Mon, 22 Feb 2016 00:51:05 +0000 (16:51 -0800)]
Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
Stanislav Malyshev [Mon, 15 Feb 2016 06:34:39 +0000 (22:34 -0800)]
Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
Anatol Belski [Tue, 2 Feb 2016 13:19:10 +0000 (14:19 +0100)]
add error check to sysconf call
Julien Pauli [Tue, 2 Feb 2016 09:42:49 +0000 (10:42 +0100)]
Going for 5.5.33 now
Stanislav Malyshev [Tue, 2 Feb 2016 02:58:02 +0000 (18:58 -0800)]
fix tests
Stanislav Malyshev [Tue, 2 Feb 2016 02:47:56 +0000 (18:47 -0800)]
fix NEWS
Stanislav Malyshev [Tue, 2 Feb 2016 02:44:33 +0000 (18:44 -0800)]
update NEWS
Stanislav Malyshev [Tue, 2 Feb 2016 02:28:49 +0000 (18:28 -0800)]
Merge branch 'PHP-5.5' into PHP-5.5.32
* PHP-5.5:
Upgrade bundled PCRE to 8.38
Fixed NEWS file entry
Stanislav Malyshev [Mon, 1 Feb 2016 04:33:17 +0000 (20:33 -0800)]
Upgrade bundled PCRE to 8.38
Stanislav Malyshev [Mon, 1 Feb 2016 03:37:56 +0000 (19:37 -0800)]
Fixed bug #71488: Stack overflow when decompressing tar archives
Anatol Belski [Thu, 28 Jan 2016 12:57:44 +0000 (13:57 +0100)]
update NEWS
Anatol Belski [Thu, 28 Jan 2016 12:46:34 +0000 (13:46 +0100)]
add missing headers for SIZE_MAX
Anatol Belski [Thu, 28 Jan 2016 12:45:43 +0000 (13:45 +0100)]
backport the escapeshell* functions hardening branch
Anatol Belski [Thu, 28 Jan 2016 12:27:26 +0000 (13:27 +0100)]
add tests
Julien Pauli [Thu, 28 Jan 2016 11:47:53 +0000 (12:47 +0100)]
Fixed NEWS file entry
Stanislav Malyshev [Wed, 27 Jan 2016 01:26:52 +0000 (17:26 -0800)]
Fix bug #71459 - Integer overflow in iptcembed()
Stanislav Malyshev [Sun, 17 Jan 2016 06:10:54 +0000 (22:10 -0800)]
Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
Stanislav Malyshev [Sun, 17 Jan 2016 04:43:43 +0000 (20:43 -0800)]
Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
Stanislav Malyshev [Thu, 14 Jan 2016 00:43:04 +0000 (16:43 -0800)]
Fix bug #71335: Type Confusion in WDDX Packet Deserialization
Stanislav Malyshev [Thu, 14 Jan 2016 00:33:37 +0000 (16:33 -0800)]
Merge branch 'bug71354' into PHP-5.5.32
* bug71354:
Fix bug #71354 - remove UMR when size is 0
Stanislav Malyshev [Thu, 14 Jan 2016 00:32:29 +0000 (16:32 -0800)]
Fix bug #71354 - remove UMR when size is 0
Remi Collet [Tue, 12 Jan 2016 12:52:27 +0000 (13:52 +0100)]
fix the fix for bug #70976 (imagerotate)
Julien Pauli [Thu, 7 Jan 2016 12:04:35 +0000 (13:04 +0100)]
5.5.32 now
Stanislav Malyshev [Wed, 6 Jan 2016 03:28:24 +0000 (19:28 -0800)]
Update NEWS
Stanislav Malyshev [Tue, 29 Dec 2015 07:44:14 +0000 (23:44 -0800)]
Improve fix for bug #70976
Stanislav Malyshev [Mon, 28 Dec 2015 22:46:35 +0000 (14:46 -0800)]
Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)
Stanislav Malyshev [Mon, 28 Dec 2015 20:42:44 +0000 (12:42 -0800)]
Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability
Julien Pauli [Tue, 22 Dec 2015 13:28:19 +0000 (14:28 +0100)]
Fixed #70728
Stanislav Malyshev [Tue, 8 Dec 2015 08:10:07 +0000 (00:10 -0800)]
Fixed bug #70755: fpm_log.c memory leak and buffer overflow