From 254a7c245773d0dd16ead79a598f415dd0d6ee92 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sun, 26 Jan 2020 16:03:35 +0100 Subject: Fix # 79171: heap-buffer-overflow in phar_extract_file We must not access memory outside of the allocated buffer. (cherry picked from commit 7df594b9437aa4f127581e4c88da99e7c41a9b14) --- NEWS | 2 ++ 1 file changed, 2 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 602f92264d..1d3e771eb7 100644 --- a/NEWS +++ b/NEWS @@ -34,6 +34,8 @@ PHP NEWS - Phar: . Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063) (stas) + . Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). + (CVE- 2020-7061) (cmb) . Fixed bug #76584 (PharFileInfo::decompress not working). (cmb) - Reflection: -- cgit v1.2.1