Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | PHP 5.5.37 [php-5.5.37] [PHP-5.5.37] | Julien Pauli | 2016-06-21 | 3 | -12/+6 |
| | |||||
* | 5.5.38 now | Julien Pauli | 2016-06-21 | 3 | -5/+9 |
| | |||||
* | remove the huge test file, generate it on the fly instead | Anatol Belski | 2016-06-21 | 2 | -1/+23 |
| | |||||
* | Now the right bug # | Stanislav Malyshev | 2016-06-21 | 1 | -1/+1 |
| | |||||
* | Fix NEWS | Stanislav Malyshev | 2016-06-21 | 1 | -2/+2 |
| | |||||
* | Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow | Stanislav Malyshev | 2016-06-20 | 2 | -9/+15 |
| | |||||
* | update NEWS | Stanislav Malyshev | 2016-06-20 | 1 | -1/+30 |
| | |||||
* | Merge branch 'PHP-5.5.37' into PHP-5.5 | Stanislav Malyshev | 2016-06-20 | 20 | -246/+449 |
|\ | * PHP-5.5.37: fix tests; fix build; Fix bug #72455: Heap Overflow due to integer overflows; Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize; Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize; Fix bug #72407: NULL Pointer Dereference at _gdScaleVert; Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free; Fix bug #72298 pass2_no_dither out-of-bounds access; Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow; Fix bug #72262 - do not overflow int; Fix bug #72400 and #72403 - prevent signed int overflows for string lengths; Fix bug #72275: don't allow smart_str to overflow int; Fix bug #72340: Double Free Corruption in wddx_deserialize | ||||
| * | fix tests | Stanislav Malyshev | 2016-06-20 | 1 | -1/+1 |
| | | |||||
| * | fix build | Stanislav Malyshev | 2016-06-20 | 1 | -1/+1 |
| | | |||||
| * | Fix bug #72455: Heap Overflow due to integer overflows | Stanislav Malyshev | 2016-06-20 | 1 | -42/+50 |
| | | |||||
| * | Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize | Stanislav Malyshev | 2016-06-20 | 2 | -0/+42 |
| | | |||||
| * | Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize | Stanislav Malyshev | 2016-06-20 | 3 | -1/+44 |
| | | |||||
| * | Fix bug #72407: NULL Pointer Dereference at _gdScaleVert | Stanislav Malyshev | 2016-06-18 | 1 | -0/+3 |
| | | |||||
| * | Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free | Stanislav Malyshev | 2016-06-18 | 2 | -33/+49 |
| | | |||||
| * | Fix bug #72298 pass2_no_dither out-of-bounds access | Stanislav Malyshev | 2016-06-18 | 2 | -7/+22 |
| | | |||||
| * | Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow | Pierre Joye | 2016-06-18 | 3 | -0/+18 |
| | | |||||
| * | Fix bug #72262 - do not overflow int | Stanislav Malyshev | 2016-06-15 | 1 | -107/+111 |
| | | |||||
| * | Fix bug #72400 and #72403 - prevent signed int overflows for string lengths | Stanislav Malyshev | 2016-06-15 | 2 | -49/+72 |
| | | |||||
| * | Fix bug #72275: don't allow smart_str to overflow int | Stanislav Malyshev | 2016-06-14 | 1 | -7/+10 |
| | | |||||
| * | Fix bug #72340: Double Free Corruption in wddx_deserialize | Stanislav Malyshev | 2016-06-12 | 2 | -0/+28 |
| | | |||||
* | | update NEWS | Anatol Belski | 2016-06-13 | 1 | -0/+3 |
| | | |||||
* | | Fix #66387: Stack overflow with imagefilltoborder | Christoph M. Becker | 2016-06-13 | 2 | -0/+19 |
|/ | | | | | | | The stack overflow is caused by the recursive algorithm in combination with a very large negative coordinate passed to gdImageFillToBorder(). As there is already a clipping for large positive coordinates to the width and height of the image, it seems to be consequent to clip to zero also. | ||||
* | Skip test which is 64bits only | Remi Collet | 2016-05-25 | 1 | -0/+2 |
| | | | | | | Diff from test output 001+ Warning: fread(): Length parameter must be greater than 0 in ... 001- Warning: fread(): Length parameter must be no more than 2147483647 in ... | ||||
* | 5.5.37 now | Julien Pauli | 2016-05-25 | 3 | -4/+7 |
| | |||||
* | Fix memory leak in imagescale() | Stanislav Malyshev | 2016-05-24 | 2 | -4/+4 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2016-05-24 | 1 | -2/+12 |
| | |||||
* | Better fix for bug #72135 | Stanislav Malyshev | 2016-05-24 | 1 | -4/+5 |
| | |||||
* | Fixed bug #72227: imagescale out-of-bounds read | Stanislav Malyshev | 2016-05-23 | 2 | -8/+23 |
| | | | | Ported from https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a | ||||
* | Fix bug #72241: get_icu_value_internal out-of-bounds read | Stanislav Malyshev | 2016-05-22 | 2 | -117/+132 |
| | |||||
* | Fix bug #72135 - don't create strings with lengths outside int range | Stanislav Malyshev | 2016-05-15 | 1 | -23/+27 |
| | |||||
* | Add check for string overflow to all string add operations | Stanislav Malyshev | 2016-05-09 | 1 | -0/+7 |
| | |||||
* | Fix bug #72114 - int/size_t confusion in fread | Stanislav Malyshev | 2016-05-09 | 2 | -0/+18 |
| | |||||
* | Updated NEWS | Julien Pauli | 2016-05-02 | 1 | -5/+8 |
| | |||||
* | Backport of fixed for bug #71331 - Uninitialized pointer in phar_make_dirstream() | Julien Pauli | 2016-05-02 | 4 | -2/+18 |
|\ | |||||
| * | Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() | Stanislav Malyshev | 2016-04-28 | 4 | -2/+18 |
| | | |||||
* | | Update PHP 5.5 NEWS entries with CVE info | Lior Kaplan | 2016-05-01 | 1 | -27/+34 |
| | | |||||
* | | Added CVE | Julien Pauli | 2016-04-29 | 1 | -1/+1 |
|/ | |||||
* | Updated NEWS | Julien Pauli | 2016-04-27 | 1 | -0/+3 |
| | |||||
* | Fix memory leak | Stanislav Malyshev | 2016-04-26 | 1 | -0/+3 |
| | |||||
* | Fix bug #72099: xml_parse_into_struct segmentation fault | Stanislav Malyshev | 2016-04-26 | 2 | -53/+70 |
| | |||||
* | 5.5.36 now | Julien Pauli | 2016-04-26 | 3 | -5/+24 |
| | |||||
* | Fix bug #72094 - Out of bounds heap read access in exif header processing | Stanislav Malyshev | 2016-04-24 | 6 | -2/+76 |
| | |||||
* | Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition | Stanislav Malyshev | 2016-04-24 | 3 | -22/+57 |
| | | | | | We can not modify result since it can be copy of _zero_ or _one_, etc. and "copy" in bcmath is just bumping the refcount. | ||||
* | Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset | Stanislav Malyshev | 2016-04-24 | 2 | -5/+22 |
| | |||||
* | Fix for bug #71912 (libgd: signedness vulnerability) | Stanislav Malyshev | 2016-04-18 | 3 | -0/+19 |
| | |||||
* | Typo in NEWS | Julien Pauli | 2016-03-31 | 1 | -1/+1 |
| | |||||
* | fix borked mainstream patch | Anatol Belski | 2016-03-31 | 1 | -1/+1 |
| | |||||
* | 5.5.35 now | Julien Pauli | 2016-03-29 | 3 | -5/+25 |
| | |||||
* | fix dir separator in test | Anatol Belski | 2016-03-29 | 1 | -2/+2 |
| |