delta/php-git.git, branch php-5.4.45 git.php.net: repository/php-src.git 5.4.45 2015-09-01T20:09:37+00:00 Stanislav Malyshev stas@php.net 2015-09-01T20:09:37+00:00 24324791c23de1d66d1ff7787b472db30d1af228 






fix unit tests
2015-09-01T19:23:22+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T19:23:22+00:00

1922c650bac7ca4aed9c530faddb96cff73a0abc












add NEWS for fixes
2015-09-01T18:53:59+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T18:53:59+00:00

7ceb0e3a186782ba007dfd4e867d7eed70437740












Merge branch 'PHP-5.4.45' into PHP-5.4
2015-09-01T18:40:15+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T18:40:15+00:00

48cfd1160b4667115f33c4398215759d5e0643d8

* PHP-5.4.45:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782





* PHP-5.4.45:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782







Improve fix for #70172
2015-09-01T18:38:39+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T18:38:15+00:00

7c31203935589ab4fcb104041ef9d87f747bfee4












Fix bug #70312 - HAVAL gives wrong hashes in specific cases
2015-09-01T08:16:30+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T08:16:30+00:00

1390a5812b151e0ea8f74e64bfeaa5df4dd5b801












fix test
2015-09-01T07:59:31+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T07:59:31+00:00

906f19f1365488f90f7473e833a7a13f2c1387ac












add test
2015-09-01T07:26:12+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T07:26:12+00:00

c8f07ad4771620252bf542e09938633bfb837363












Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
2015-09-01T07:20:45+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T07:20:45+00:00

259057b2a484747a6c73ce54c4fa0f5acbd56179












Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
2015-09-01T07:14:15+00:00

Stanislav Malyshev
stas@php.net

2015-09-01T07:14:15+00:00

f06a069c462d37c2e009f6d1d93b8c8e7b713393