php 7.0.9 リリース

Version 7.0.9

  • Core:
    • Fixed bug #72508 (strange references after recursive function call and “switch” statement).
    • Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex).
    • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).
  • bz2:
    • Fixed bug #72613 (Inadequate error handling in bzread()).
  • CLI:
    • Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify router.php).
  • COM:
    • Fixed bug #72498 (variant_date_from_timestamp null dereference).
  • Curl:
    • Fixed bug #72541 (size_t overflow lead to heap corruption).
  • Exif:
    • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
    • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
  • GD:
    • Fixed bug #43475 (Thick styled lines have scrambled patterns).
    • Fixed bug #53640 (XBM images require width to be multiple of 8).
    • Fixed bug #64641 (imagefilledpolygon doesn’t draw horizontal line).
    • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
    • Fixed bug #72519 (imagegif/output out-of-bounds access).
    • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
    • Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
    • Fixed bug #72494 (imagecropauto out-of-bounds access).
  • Intl:
    • Fixed bug #72533 (locale_accept_from_http out-of-bounds access).
  • Mbstring:
    • Fixed bug #72405 (mb_ereg_replace – mbc_to_code (oniguruma) – oob read access).
    • Fixed bug #72399 (Use-After-Free in MBString (search_re)).
  • mcrypt:
    • Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).
  • PDO_pgsql:
    • Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders).
  • PCRE:
    • Fixed bug #72476 (Memleak in jit_stack).
    • Fixed bug #72463 (mail fails with invalid argument).
  • Readline:
    • Fixed bug #72538 (readline_redisplay crashes php).
  • Standard:
    • Fixed bug #72505 (readfile() mangles files larger than 2G).
    • Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
  • Session:
    • Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
    • Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization).
  • SNMP:
    • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).
  • Streams:
    • Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault).
  • XMLRPC:
    • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
  • Zip:
    • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).

トラックバックURL

http://www.10yendama.com/archives/2046/trackback

コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です