Commit c3b2360

Merge branch 'PHP-5.4' into PHP-5.4.42
* PHP-5.4:
  NEWS entry for: Upgrade bundled sqlite to 3.8.10.2
  Upgrade bundled sqlite to 3.8.10.2
  Add CVE used in PHP 5.4.39, 5.4.40, 5.4.41
  Add CVE to #68598
2 parents 87d9ba8 + 33a9f01 commit c3b2360

4 files changed

+119818
-91169
lines changed

NEWS

Lines changed: 23 additions & 12 deletions
@@ -9,34 +9,41 @@ PHP NEWS
99
- Postgres:
1010
. Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)
1111

12+
- Sqlite3:
13+
. Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
14+
CVE-2015-3416) (Kaplan)
15+
1216
14 May 2015 PHP 5.4.41
1317

1418
- Core:
15-
. Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
19+
. Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
20+
(CVE-2015-4024) (Stas)
1621
. Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
1722
(Stas)
18-
. Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
23+
. Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
24+
(Stas)
1925
. Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
2026

2127
- FTP:
2228
. Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
23-
overflow). (Stas)
29+
overflow). (CVE-2015-4022) (Stas)
2430

2531
- PCNTL:
26-
. Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)
32+
. Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
33+
(Stas)
2734

2835
- PCRE
29-
. Upgraded pcrelib to 8.37.
36+
. Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
3037

3138
- Phar:
3239
. Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
33-
filename starts with null). (Stas)
40+
filename starts with null). (CVE-2015-4021) (Stas)
3441

3542
16 Apr 2015 PHP 5.4.40
3643

3744
- Apache2handler:
3845
. Fixed bug #69218 (potential remote code execution with apache 2.4
39-
apache2handler). (Gerrit Venema)
46+
apache2handler). (CVE-2015-3330) (Gerrit Venema)
4047

4148
- Core:
4249
. Additional fix for bug #69152 (Type confusion vulnerability in
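Review bot: The rewritten #69418 entry now carries two CVE identifiers on one line, "(CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)", and nothing tells a reader or a script scanning NEWS which one is the identifier assigned to this fix and which is only part of the bug title. Consider rewording the entry so the older id reads clearly as a reference to the earlier fix. Separately, the "- PCRE" section header directly above the edited pcrelib line lacks the trailing colon that the other headers in this hunk ("- Core:", "- FTP:", "- PCNTL:") use; since that entry is being touched anyway, fix the header in the same change.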
@@ -58,13 +65,16 @@ PHP NEWS
5865
segfault). (Anatol Belski)
5966

6067
- GD:
61-
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)
68+
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
69+
(Remi)
6270

6371
- Phar:
64-
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
65-
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
72+
. Fixed bug #68901 (use after free). (CVE-2015-2301) (bugreports at internot
73+
dot info)
74+
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar).
75+
(CVE-2015-2783) (Stas)
6676
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
67-
phar_set_inode). (Stas)
77+
phar_set_inode). (CVE-2015-3329) (Stas)
6878

6979
- Postgres:
7080
. Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
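Review bot: In the #68901 entry the reporter attribution is now split mid-address across two lines ("(bugreports at internot" followed by "dot info)"), which makes the credit hard to read and to grep. Break the line before the attribution instead, as the #68601 and #69324 entries in this hunk do, so the CVE stays on the first line and the whole "(bugreports at internot dot info)" sits on the continuation line.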
@@ -83,7 +93,8 @@ PHP NEWS
8393
(CVE-2015-2787). (Stas)
8494
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
8595
configuration options). (Anatol Belski)
86-
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
96+
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
97+
(Stas)
8798

8899
- Ereg:
89100
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305).
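Review bot: The new #69207 line puts the CVE after the sentence period, "nulls in path). (CVE-2015-2348)", while the unchanged entries on either side of it in this hunk put the CVE before the period: "(CVE-2015-2787). (Stas)" and "(CVE-2015-2305).". Pick one placement and apply it to every entry this commit touches, so the file can be scanned for CVE tags with a single pattern.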
