diff options
author | Remi Collet <remi@php.net> | 2019-05-29 08:53:23 +0200 |
---|---|---|
committer | Remi Collet <remi@php.net> | 2019-05-29 08:53:23 +0200 |
commit | 3051147019943832eb91eb7fce1089b0e22a8369 (patch) | |
tree | ad57e1dcbb3d6d8510880f6f642e2a5bcb2ba045 | |
parent | 7821cc3b9f51d12f2cf391e191fef1f591cb7f35 (diff) | |
download | php-git-3051147019943832eb91eb7fce1089b0e22a8369.tar.gz |
add NEWS entries for sec fix
-rw-r--r-- | NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -23,12 +23,22 @@ PHP NEWS 30 May 2019, PHP 7.2.19 +- EXIF: + . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16). + (CVE-2019-11040) (Stas) + - FPM: . Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka) . Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot) - GD: . Fixed bug #77943 (imageantialias($image, false); does not work). (cmb) + . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm). + (CVE-2019-11038) (cmb) + +- Iconv: + . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() + due to integer overflow). (CVE-2019-11039). (maris dot adam) - JSON: . Fixed bug #77843 (Use after free with json serializer). (Nikita) @@ -50,6 +60,9 @@ PHP NEWS . Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig Duncan) +- SQLite: + . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas) + 02 May 2019, PHP 7.2.18 - CLI: |