diff options
author | Julien Pauli <jpauli@php.net> | 2014-06-25 15:05:04 +0200 |
---|---|---|
committer | Julien Pauli <jpauli@php.net> | 2014-06-25 15:05:04 +0200 |
commit | bd4b9f35fff9ed4d8db93371eedbaf921443c377 (patch) | |
tree | 9ccb08daed1be8a12d0a98e19f218dec7a1d083a | |
parent | b10f6572acaf819d63e70cc6398fb215acc9431d (diff) | |
download | php-git-bd4b9f35fff9ed4d8db93371eedbaf921443c377.tar.gz |
Update NEWS will all cherrypicked commits info
-rw-r--r-- | NEWS | 30 |
1 files changed, 22 insertions, 8 deletions
@@ -1,17 +1,19 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -12 Jun 2014, PHP 5.5.14RC1 +26 Jun 2014, PHP 5.5.14 - Core: - . Fixed BC break introduced by patch for bug #67072. (Anatol) + . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). - (Remi) (CVE-2014-3981) + (CVE-2014-3981) (Remi) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) + . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). + (Stefan Esser) - CLI server: - . Fixed Bug #67406i (built-in web-server segfaults on startup). (Remi) + . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) - Date: . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). @@ -21,14 +23,24 @@ PHP NEWS - Fileinfo: . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). + (CVE-2014-0207) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal - string size). (Francisco Alonso, Jan Kaluza, Remi) + string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary - check). (Francisco Alonso, Jan Kaluza, Remi) + check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). - (Francisco Alonso, Jan Kaluza, Remi) + (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary - check). (Francisco Alonso, Jan Kaluza, Remi) + check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) + +- Intl: + . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) + . Fixed bug #67397 (Buffer overflow in locale_get_display_name and + uloc_getDisplayName (libicu 4.8.1)). (Stas) + +- Network: + . Fixed bug #67432 (Fix potential segfault in dns_get_record()). + (CVE-2014-4049). (Sara) - OPCache: . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence) @@ -49,6 +61,8 @@ PHP NEWS . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) + . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type + Confusion). (CVE-2014-3515) (Stefan Esser) 29 May 2014, PHP 5.5.13 |