Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 5.6.38php-5.6.38PHP-5.6.38 | Ferenc Kovacs | 2018-09-12 | 3 | -8/+6 |
| | |||||
* | 5.6.39 will be the next | Ferenc Kovacs | 2018-09-11 | 3 | -5/+7 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2018-09-09 | 1 | -0/+3 |
| | |||||
* | Fix for bug #76582 | Stanislav Malyshev | 2018-09-09 | 1 | -0/+1 |
| | | | | | The brigade seems to end up in a messed up state if something fails in shutdown, so we clean it up. | ||||
* | 5.6.38 will be next | Ferenc Kovacs | 2018-07-19 | 3 | -5/+7 |
| | |||||
* | Add NEWS | Stanislav Malyshev | 2018-07-16 | 1 | -0/+9 |
| | |||||
* | Fixed bug #76459 windows linkinfo lacks openbasedir check | Anatol Belski | 2018-07-16 | 1 | -1/+12 |
| | |||||
* | Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data | Stanislav Malyshev | 2018-07-16 | 3 | -1/+83 |
| | | | | Use MAKERNOTE length as data size. | ||||
* | Fix bug #76423 - Int Overflow lead to Heap OverFlow in ↵ | Stanislav Malyshev | 2018-07-16 | 3 | -1/+23 |
| | | | | exif_thumbnail_extract of exif.c | ||||
* | 5.6.37 will be next | Ferenc Kovacs | 2018-04-24 | 3 | -5/+21 |
| | |||||
* | Fix test portability | Anatol Belski | 2018-04-24 | 1 | -2/+4 |
| | |||||
* | Fix tsrm_ls | Stanislav Malyshev | 2018-04-23 | 1 | -1/+1 |
| | |||||
* | Merge remote-tracking branch 'security/bug76249' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 2 | -0/+21 |
|\ | | | | | | | | | | | * security/bug76249: Fix test Fix bug #76249 - fail on invalid sequences | ||||
| * | Fix test | Stanislav Malyshev | 2018-04-22 | 1 | -2/+4 |
| | | |||||
| * | Fix bug #76249 - fail on invalid sequences | Stanislav Malyshev | 2018-04-22 | 2 | -0/+19 |
| | | |||||
* | | Merge remote-tracking branch 'security/bug76248' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 2 | -1/+45 |
|\ \ | | | | | | | | | | | | | * security/bug76248: Fix bug #76248 - Malicious LDAP-Server Response causes Crash | ||||
| * | | Fix bug #76248 - Malicious LDAP-Server Response causes Crash | Stanislav Malyshev | 2018-04-22 | 2 | -1/+45 |
| |/ | |||||
* | | Fix #76129 - remove more potential unfiltered outputs for phar | Stanislav Malyshev | 2018-04-23 | 13 | -16/+14 |
| | | |||||
* | | Merge remote-tracking branch 'security/PHP-5.6' into PHP-5.6 | Stanislav Malyshev | 2018-04-23 | 4 | -1/+21 |
|\ \ | |/ |/| | | | | | | | * security/PHP-5.6: Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value Fix bug #75981: prevent reading beyond buffer start | ||||
| * | Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value | Christoph M. Becker | 2018-04-22 | 4 | -1/+21 |
| | | | | | | | | | | | | The MakerNote is not necessarily null-terminated, so we must not use `strlen()` to avoid OOB reads. Instead `php_strnlen()` is the proper way to handle this. | ||||
| * | Fix bug #75981: prevent reading beyond buffer start | Stanislav Malyshev | 2018-02-20 | 2 | -2/+34 |
| | | |||||
* | | [ci skip] 5.6.36 will be next | Ferenc Kovacs | 2018-03-28 | 3 | -5/+7 |
| | | |||||
* | | [ci skip] Update NEWS | Anatol Belski | 2018-03-27 | 1 | -0/+4 |
| | | |||||
* | | Do not set PR_SET_DUMPABLE by default | Jakub Zelenka | 2018-03-27 | 4 | -1/+11 |
| | | |||||
* | | 5.6.35 is next | Ferenc Kovacs | 2018-02-27 | 3 | -5/+7 |
| | | |||||
* | | [ci skip] Update NEWS | Anatol Belski | 2018-02-27 | 1 | -0/+3 |
| | | |||||
* | | Fix bug #75981: prevent reading beyond buffer start | Stanislav Malyshev | 2018-02-26 | 2 | -2/+34 |
| | | |||||
* | | [ci skip] Set FPM maintainership | Stanislav Malyshev | 2018-02-23 | 1 | -1/+1 |
|/ | | | | | As per http://news.php.net/php.internals/101897, Jakub is officially annointed as new FPM maintainer. | ||||
* | 2018 | Remi Collet | 2018-01-03 | 1 | -2/+2 |
| | |||||
* | php 5.6.34 is next | Ferenc Kovacs | 2018-01-03 | 3 | -5/+7 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2018-01-01 | 1 | -1/+7 |
| | |||||
* | Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx | Christoph M. Becker | 2018-01-01 | 3 | -5/+20 |
| | | | | | | | Due to a signedness confusion in `GetCode_` a corrupt GIF file can trigger an infinite loop. Furthermore we make sure that a GIF without any palette entries is treated as invalid *after* open palette entries have been removed. | ||||
* | Fix bug #74782: remove file name from output to avoid XSS | Stanislav Malyshev | 2018-01-01 | 14 | -45/+45 |
| | |||||
* | Backport and apply upstream patch for CVE-2017-14107 | Anatol Belski | 2017-10-27 | 1 | -1/+6 |
| | |||||
* | 5.6.33 is next | Ferenc Kovacs | 2017-10-25 | 3 | -5/+7 |
| | |||||
* | These tests all assume that IPV6 is available. | Rasmus Lerdorf | 2017-10-25 | 5 | -5/+20 |
| | |||||
* | fix the travis build for PHP-5.6 using precise instead of trusty | Ferenc Kovacs | 2017-10-25 | 1 | -1/+1 |
| | |||||
* | fix the travis build for PHP-5.6 using precise instead of trusty | Ferenc Kovacs | 2017-10-25 | 1 | -0/+1 |
| | |||||
* | Parametrize the expected value to avoid platform false positives | Anatol Belski | 2017-10-24 | 1 | -1/+1 |
| | |||||
* | [ci skip] update NEWS | Anatol Belski | 2017-10-24 | 1 | -0/+9 |
| | |||||
* | Fixed bug #72535 arcfour encryption stream filter crashes php | Anatol Belski | 2017-10-24 | 2 | -1/+24 |
| | |||||
* | Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian() | Anatol Belski | 2017-10-24 | 5 | -716/+2336 |
| | |||||
* | Apply upstream patch for CVE-2016-1283 | Anatol Belski | 2017-10-24 | 2 | -1/+16 |
| | | | | | | | | Fix bug #75207, see also https://bugzilla.redhat.com/show_bug.cgi?id=1295385 https://vcs.pcre.org/pcre?view=revision&revision=1636 (cherry picked from commit d11fceab151cd0410645f81eb7444af4388470c3) | ||||
* | add missing NEWS entry for #74087 and also fix the formatting | Ferenc Kovacs | 2017-07-06 | 1 | -4/+8 |
| | |||||
* | move NEWS entry to the correct place, also bump the version | Ferenc Kovacs | 2017-07-06 | 3 | -7/+11 |
| | |||||
* | NEWS for oniguruma | Remi Collet | 2017-07-05 | 1 | -0/+2 |
| | |||||
* | Patch from the upstream git | Remi Collet | 2017-07-05 | 1 | -1/+3 |
| | | | | | | https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228) Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> | ||||
* | Patch from the upstream git | Remi Collet | 2017-07-05 | 1 | -1/+8 |
| | | | | | | | https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> | ||||
* | Patch from the upstream git | Remi Collet | 2017-07-05 | 1 | -0/+2 |
| | | | | | | https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227) Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> | ||||
* | Patch from the upstream git | Remi Collet | 2017-07-05 | 1 | -5/+0 |
| | | | | | | https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224) Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> |