Permalink
Commits on Sep 22, 2016
  1. Also had to fix up some tokenizer tests that were affected by the token

    number changes.
    
    (cherry picked from commit 99f93dd)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    nikic committed with Jul 22, 2012
  2. Fix broken test

    (cherry picked from commit ca766e0)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    rdlowrey committed with Mar 5, 2015
  3. Minor fix: Missing quotes in openssl test case for bug bug64802

    (cherry picked from commit 437ab7f)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    dol committed with Nov 18, 2014
  4. Fix test

    (cherry picked from commit 33d0ef0)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 13, 2016
  5. Fix bug #72293: Heap overflow in mysqlnd related to BIT fields

    Assigned CVE-IDs: CVE-2016-7412
    
    (cherry picked from commit 28f80ba)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 13, 2016
  6. Fix bug #73007: add locale length check

    Assigned CVE-IDs: CVE-2016-7416
    
    (cherry picked from commit 6d55ba2)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 6, 2016
  7. Fix bug #72928: Out of bound when verify signature of zip phar in pha…

    …r_parse_zipfile
    
    Assigned CVE-IDs: CVE-2016-7414
    
    (cherry picked from commit 223266e)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 5, 2016
  8. Fix bug #73029: Missing type check when unserializing SplArray

    Assigned CVE-IDs: CVE-2016-7417
    
    (cherry picked from commit ecb7f58)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 12, 2016
  9. Fix bug #73052: Memory Corruption in During Deserialized-object Destr…

    …uction
    
    Assigned CVE-IDs: CVE-2016-7411
    
    (cherry picked from commit 6a7cc8f)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 12, 2016
  10. Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c

    Assigned CVE-IDs: CVE-2016-7418
    
    (cherry picked from commit c4cca4c)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 12, 2016
  11. Fix bug #72860: wddx_deserialize use-after-free

    (cherry picked from commit b88393f)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Sep 6, 2016
  12. Fix bug #70436: Use After Free Vulnerability in unserialize()

    (cherry picked from commit 95d09e4)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 7, 2016
  13. Fix bug #72663: destroy broken object when unserializing

    Assigned CVE-IDs: CVE-2016-7124
    
    (cherry picked from commit 448c9be)
    (cherry picked from commit 639f7fd)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 2, 2016
  14. Fix bug #72681: consume data even if we're not storing them

    Assigned CVE-IDs: CVE-2016-7125
    
    (cherry picked from commit 8763c60)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 3, 2016
  15. Fix bug #72627: Memory Leakage In exif_process_IFD_in_TIFF

    Assigned CVE-IDs: CVE-2016-7128
    
    (cherry picked from commit 6dbb1ee)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 8, 2016
  16. Fix bug #72730: imagegammacorrect allows arbitrary write access

    Assigned CVE-IDs: CVE-2016-7127
    
    (cherry picked from commit 1bd103d)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 10, 2016
  17. Fix bug #72697: select_colors write out-of-bounds

    Assigned CVE-IDs: CVE-2016-7126
    
    cherry picked from commit a3598dd)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 10, 2016
  18. Fix bug #72790 and bug #72799

    Assigned CVE-IDs: CVE-2016-7131, CVE-2016-7132
    
    (cherry picked from commit 5a34bd6)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 11, 2016
  19. Fix bug #72750: wddx_deserialize null dereference

    Assigned CVE-IDs: CVE-2016-7130
    
    (cherry picked from commit 698a691)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 7, 2016
  20. Fix bug #72749: wddx_deserialize allows illegal memory access

    Assigned CVE-IDs: CVE-2016-7129
    
    (cherry picked from commit 426aeb2)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Aug 4, 2016
  21. re-fix leak

    (cherry picked from commit a003504)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    weltling committed with Jun 21, 2016
  22. Fix bug #72562: destroy var_hash properly

    Assigned CVE-IDs: CVE-2016-6290
    
    (cherry picked from commit 3798eb6)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 13, 2016
  23. Fix bug #72519: possible OOB using imagegif

    (cherry picked from commit 7b1572b)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    pierrejoye committed with Jul 19, 2016
  24. Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment

    Assigned CVE-IDs: CVE-2016-6292
    
    (cherry picked from commit 41131cd)
    (cherry picked from commit 1364742)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 19, 2016
  25. Fix bug #72613: Inadequate error handling in bzread()

    Assigned CVE-IDs: CVE-2016-5399
    
    (cherry picked from commit f3feddb)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 19, 2016
  26. Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simple…

    …string.c
    
    Assigned CVE-IDs: CVE-2016-6296
    
    (cherry picked from commit e6c4821)
    (cherry picked from commit 33c1a55)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 19, 2016
  27. Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE

    Assigned CVE-IDs: CVE-2016-6291
    
    (cherry picked from commit eebcbd5)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 17, 2016
  28. Extend libxml exports

    These are needed to support libxslt 1.1.29 on Windows. This libxslt version
    fixes CVE-2015-7995 and for this reason needs to be used.
    
    (cherry picked from commit fe1d6fe)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    weltling committed with Jul 14, 2016
  29. Fix bug #72533: locale_accept_from_http out-of-bounds access

    Assigned CVE-IDs: CVE-2016-6294
    
    (cherry picked from commit aa82e99)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 13, 2016
  30. Fix bug #72520: Stack-based buffer overflow vulnerability in php_stre…

    …am_zip_opener
    
    Assigned CVE-IDs: CVE-2016-6297
    
    (cherry picked from commit 81406c0)
    (cherry picked from commit 8ebdb1f)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 13, 2016
  31. Fix bug #72513: Stack-based buffer overflow vulnerability in virtual_…

    …file_ex
    
    Assigned CVE-IDs: CVE-2016-6289
    
    (cherry picked from commit 0218acb)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 13, 2016
  32. Fix bug #72573: HTTP_PROXY is improperly trusted by some PHP librarie…

    …s and applications
    
    Assigned CVE-IDs: CVE-2016-5385
    
    The following changes are made:
    - _SERVER/_ENV only has HTTP_PROXY if the local environment has it,
      and only one from the environment.
    - getenv('HTTP_PROXY') only returns one from the local environment
    - getenv has optional second parameter, telling it to only consider
      local environment
    
    (cherry picked from commit 98b9dfa)
    (cherry picked from commit aca4f65)
    Signed-off-by: Lior Kaplan <kaplanlior@gmail.com>
    smalyshev committed with Jul 10, 2016