summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* PHP 5.5.37php-5.5.37PHP-5.5.37Julien Pauli2016-06-213-12/+6
|
* 5.5.38 nowJulien Pauli2016-06-213-5/+9
|
* remove the huge test file, generate it on the fly insteadAnatol Belski2016-06-212-1/+23
|
* Now the right bug #Stanislav Malyshev2016-06-211-1/+1
|
* Fix NEWSStanislav Malyshev2016-06-211-2/+2
|
* iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() ↵Stanislav Malyshev2016-06-202-9/+15
| | | | resulting in heap overflow
* update NEWSStanislav Malyshev2016-06-201-1/+30
|
* Merge branch 'PHP-5.5.37' into PHP-5.5Stanislav Malyshev2016-06-2020-246/+449
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5.37: fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize
| * fix testsStanislav Malyshev2016-06-201-1/+1
| |
| * fix buildStanislav Malyshev2016-06-201-1/+1
| |
| * Fix bug #72455: Heap Overflow due to integer overflowsStanislav Malyshev2016-06-201-42/+50
| |
| * Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC ↵Stanislav Malyshev2016-06-202-0/+42
| | | | | | | | algorithm and unserialize
| * Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and ↵Stanislav Malyshev2016-06-203-1/+44
| | | | | | | | unserialize
| * Fix bug #72407: NULL Pointer Dereference at _gdScaleVertStanislav Malyshev2016-06-181-0/+3
| |
| * Fix bug #72402: _php_mb_regex_ereg_replace_exec - double freeStanislav Malyshev2016-06-182-33/+49
| |
| * Fix bug #72298 pass2_no_dither out-of-bounds accessStanislav Malyshev2016-06-182-7/+22
| |
| * Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflowPierre Joye2016-06-183-0/+18
| |
| * Fix bug #72262 - do not overflow intStanislav Malyshev2016-06-151-107/+111
| |
| * Fix bug #72400 and #72403 - prevent signed int overflows for string lengthsStanislav Malyshev2016-06-152-49/+72
| |
| * Fix bug #72275: don't allow smart_str to overflow intStanislav Malyshev2016-06-141-7/+10
| |
| * Fix bug #72340: Double Free Courruption in wddx_deserializeStanislav Malyshev2016-06-122-0/+28
| |
* | update NEWSAnatol Belski2016-06-131-0/+3
| |
* | Fix #66387: Stack overflow with imagefilltoborderChristoph M. Becker2016-06-132-0/+19
|/ | | | | | | The stack overflow is caused by the recursive algorithm in combination with a very large negative coordinate passed to gdImageFillToBorder(). As there is already a clipping for large positive coordinates to the width and height of the image, it seems to be consequent to clip to zero also.
* Skip test which is 64bits onlyRemi Collet2016-05-251-0/+2
| | | | | | Diff from test output 001+ Warning: fread(): Length parameter must be greater than 0 in ... 001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
* 5.5.37 nowJulien Pauli2016-05-253-4/+7
|
* Fix memory leak in imagescale()Stanislav Malyshev2016-05-242-4/+4
|
* Update NEWSStanislav Malyshev2016-05-241-2/+12
|
* Better fix for bug #72135Stanislav Malyshev2016-05-241-4/+5
|
* Fixed bug #72227: imagescale out-of-bounds readStanislav Malyshev2016-05-232-8/+23
| | | | Ported from https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a
* Fix bug #72241: get_icu_value_internal out-of-bounds readStanislav Malyshev2016-05-222-117/+132
|
* Fix bug #72135 - don't create strings with lengths outside int rangeStanislav Malyshev2016-05-151-23/+27
|
* Add check for string overflow to all string add operationsStanislav Malyshev2016-05-091-0/+7
|
* Fix bug #72114 - int/size_t confusion in freadStanislav Malyshev2016-05-092-0/+18
|
* Updated NEWSJulien Pauli2016-05-021-5/+8
|
* Backport of fixed for bug #71331 - Uninitialized pointer in ↵Julien Pauli2016-05-024-2/+18
|\ | | | | | | phar_make_dirstream()
| * Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()Stanislav Malyshev2016-04-284-2/+18
| |
* | Update PHP 5.5 NEWS entries with CVE infoLior Kaplan2016-05-011-27/+34
| |
* | Added CVEJulien Pauli2016-04-291-1/+1
|/
* Updated NEWSJulien Pauli2016-04-271-0/+3
|
* Fix memory leakStanislav Malyshev2016-04-261-0/+3
|
* Fix bug #72099: xml_parse_into_struct segmentation faultStanislav Malyshev2016-04-262-53/+70
|
* 5.5.36 nowJulien Pauli2016-04-263-5/+24
|
* Fix bug #72094 - Out of bounds heap read access in exif header processingStanislav Malyshev2016-04-246-2/+76
|
* Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definitionStanislav Malyshev2016-04-243-22/+57
| | | | | We can not modify result since it can be copy of _zero_ or _one_, etc. and "copy" in bcmath is just bumping the refcount.
* Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative ↵Stanislav Malyshev2016-04-242-5/+22
| | | | offset
* Fix for bug #71912 (libgd: signedness vulnerability)Stanislav Malyshev2016-04-183-0/+19
|
* Typo in NEWSJulien Pauli2016-03-311-1/+1
|
* fix borked mainstream patchAnatol Belski2016-03-311-1/+1
|
* 5.5.35 nowJulien Pauli2016-03-293-5/+25
|
* fix dir separator in testAnatol Belski2016-03-291-2/+2
|
View Lorry Controller Status