Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 5.4.44php-5.4.44PHP-5.4.44 | Stanislav Malyshev | 2015-08-04 | 3 | -4/+4 |
| | |||||
* | fix test | Stanislav Malyshev | 2015-08-04 | 1 | -2/+2 |
| | |||||
* | __wakeup doesn't have to be final | Stanislav Malyshev | 2015-08-04 | 1 | -1/+1 |
| | |||||
* | fix test | Stanislav Malyshev | 2015-08-04 | 1 | -4/+7 |
| | |||||
* | update NEWS | Stanislav Malyshev | 2015-08-04 | 1 | -2/+30 |
| | |||||
* | Merge branch 'PHP-5.4' into PHP-5.4.44 | Stanislav Malyshev | 2015-08-04 | 4 | -9/+21 |
|\ | | | | | | | | | | | * PHP-5.4: Fixed bug #69892 Adjust Git-Rules | ||||
| * | Fixed bug #69892 | Nikita Popov | 2015-08-01 | 3 | -3/+15 |
| | | |||||
| * | Adjust Git-Rules | Julien Pauli | 2015-07-29 | 1 | -6/+6 |
| | | |||||
* | | Fix bug #70019 - limit extracted files to given directory | Stanislav Malyshev | 2015-08-04 | 3 | -4/+68 |
| | | |||||
* | | Do not do convert_to_* on unserialize, it messes up references | Stanislav Malyshev | 2015-08-04 | 3 | -79/+85 |
| | | |||||
* | | Fix #69793 - limit what we accept when unserializing exception | Stanislav Malyshev | 2015-08-01 | 3 | -0/+46 |
| | | |||||
* | | Fixed bug #70169 (Use After Free Vulnerability in unserialize() with ↵ | Stanislav Malyshev | 2015-08-01 | 2 | -12/+43 |
| | | | | | | | | SplDoublyLinkedList) | ||||
* | | Fixed bug #70166 - Use After Free Vulnerability in unserialize() with ↵ | Stanislav Malyshev | 2015-08-01 | 2 | -0/+32 |
| | | | | | | | | SPLArrayObject | ||||
* | | ignore signatures for packages too | Stanislav Malyshev | 2015-08-01 | 2 | -3/+22 |
| | | |||||
* | | Fix bug #70168 - Use After Free Vulnerability in unserialize() with ↵ | Stanislav Malyshev | 2015-08-01 | 2 | -33/+54 |
| | | | | | | | | SplObjectStorage | ||||
* | | Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes | Stanislav Malyshev | 2015-07-26 | 1 | -4/+2 |
| | | |||||
* | | Improved fix for Bug #69441 | Stanislav Malyshev | 2015-07-26 | 1 | -5/+8 |
| | | |||||
* | | Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) | Stanislav Malyshev | 2015-07-26 | 2 | -43/+56 |
| | | |||||
* | | Fix bug #70121 (unserialize() could lead to unexpected methods execution / ↵ | Stanislav Malyshev | 2015-07-26 | 2 | -8/+18 |
| | | | | | | | | NULL pointer deref) | ||||
* | | Fix bug #70081: check types for SOAP variables | Stanislav Malyshev | 2015-07-26 | 1 | -10/+13 |
|/ | |||||
* | 5.4.44 next | Stanislav Malyshev | 2015-07-07 | 3 | -4/+6 |
| | |||||
* | Better fix for bug #69958 | Stanislav Malyshev | 2015-07-07 | 2 | -9/+15 |
| | |||||
* | update news | Stanislav Malyshev | 2015-07-07 | 1 | -1/+10 |
| | |||||
* | Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM) | Stanislav Malyshev | 2015-07-07 | 1 | -25/+40 |
| | |||||
* | Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath | Stanislav Malyshev | 2015-07-07 | 1 | -2/+8 |
| | |||||
* | Fix bug #69958 - Segfault in Phar::convertToData on invalid file | Stanislav Malyshev | 2015-07-07 | 3 | -34/+50 |
| | |||||
* | add missing second argument for ucfirst to the proto | Ferenc Kovacs | 2015-07-07 | 1 | -1/+1 |
| | |||||
* | Merge branch 'pull-request/1350' into PHP-5.4 | Stanislav Malyshev | 2015-06-28 | 4 | -3/+90 |
|\ | | | | | | | | | | | * pull-request/1350: Move strlen() check to php_mail_detect_multiple_crlf() Fixed Bug #69874 : Can't set empty additional_headers for mail() | ||||
| * | Move strlen() check to php_mail_detect_multiple_crlf() | Yasuo Ohgaki | 2015-06-19 | 1 | -2/+2 |
| | | |||||
| * | Fixed Bug #69874 : Can't set empty additional_headers for mail() | Yasuo Ohgaki | 2015-06-19 | 2 | -1/+43 |
| | | |||||
* | | updated NEWS | Christoph M. Becker | 2015-06-24 | 1 | -0/+3 |
| | | |||||
* | | Fixed bug #69768 (escapeshell*() doesn't cater to !) | Christoph M. Becker | 2015-06-24 | 3 | -2/+9 |
| | | | | | | | | | | | | When delayed variable substitution is enabled (can be set in the Registry, for instance), !ENV! works similar to %ENV%, and so ! should be escaped like %. | ||||
* | | bump API version to 6.8 | George Wang | 2015-06-22 | 1 | -1/+1 |
|/ | |||||
* | Fixed bug #69689 (Align PCRE_MINOR with current version) | Lior Kaplan | 2015-06-18 | 1 | -2/+2 |
| | |||||
* | Add CVE to bugs #69545, #69646 and #69667 | Lior Kaplan | 2015-06-18 | 1 | -3/+3 |
| | |||||
* | 5.4.43 next | Stanislav Malyshev | 2015-06-11 | 2 | -4/+4 |
| | |||||
* | add NEWS | Stanislav Malyshev | 2015-06-09 | 1 | -1/+7 |
| | |||||
* | Fixed bug #68776 | Yasuo Ohgaki | 2015-06-09 | 2 | -0/+373 |
| | |||||
* | fix test | Stanislav Malyshev | 2015-06-09 | 1 | -2/+2 |
| | |||||
* | update NEWS | Stanislav Malyshev | 2015-06-09 | 1 | -0/+6 |
| | |||||
* | Fix bug #69646 OS command injection vulnerability in escapeshellarg | Stanislav Malyshev | 2015-06-09 | 1 | -0/+8 |
| | |||||
* | Fix #69719 - more checks for nulls in paths | Stanislav Malyshev | 2015-06-09 | 2 | -13/+25 |
| | |||||
* | fix test description | Remi Collet | 2015-06-09 | 1 | -1/+1 |
| | |||||
* | Fixed Buf #68812 Unchecked return value. | George Wang | 2015-06-08 | 1 | -4/+14 |
| | |||||
* | NEWS entry for: Upgrade bundled sqlite to 3.8.10.2 | Lior Kaplan | 2015-06-08 | 1 | -0/+4 |
| | | | | Includes fixes for CVE-2015-3414, CVE-2015-3415, CVE-2015-3416 | ||||
* | Upgrade bundled sqlite to 3.8.10.2 | Lior Kaplan | 2015-06-08 | 3 | -25800/+54438 |
| | | | | Includes fixes for CVE-2015-3414, CVE-2015-3415, CVE-2015-3416 done in 3.8.9 | ||||
* | Add CVE used in PHP 5.4.39, 5.4.40, 5.4.41 | Lior Kaplan | 2015-06-08 | 1 | -11/+17 |
| | |||||
* | Add CVE to #68598 | Lior Kaplan | 2015-06-08 | 1 | -1/+2 |
| | |||||
* | improve fix for Bug #69545 | Stanislav Malyshev | 2015-05-31 | 2 | -2/+4 |
| | |||||
* | Update PCRE version (bug #69689) | Stanislav Malyshev | 2015-05-30 | 1 | -3/+3 |
| |