Permalink
Switch branches/tags
Commits on Jun 22, 2016
  1. re-fix leak

    weltling authored and Tyrael committed Jun 21, 2016
  2. Revert "fix leak"

    weltling authored and Tyrael committed Jun 21, 2016
    This reverts commit c5d9c50.
  3. fix leak

    weltling authored and Tyrael committed Jun 21, 2016
  4. fix test

    weltling authored and Tyrael committed Jun 21, 2016
    There is a difference between TS and NTS warning message, since
    virtual_mkdir vs glibc directly is used. This has no effect for
    the actual fix functionality.
  5. 5.6.23

    Tyrael committed Jun 22, 2016
Commits on Jun 21, 2016
  1. Merge branch 'PHP-5.5' into PHP-5.6.23

    smalyshev committed Jun 21, 2016
    * PHP-5.5:
      Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
      update NEWS
      fix tests
      fix build
      Fix bug #72455:  Heap Overflow due to integer overflows
      Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
      Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
      Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
      Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
      Fix bug #72298	pass2_no_dither out-of-bounds access
      Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
      Fix bug #72262 - do not overflow int
      Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
      Fix bug #72275: don't allow smart_str to overflow int
      Fix bug #72340: Double Free Courruption in wddx_deserialize
      update NEWS
      Fix #66387: Stack overflow with imagefilltoborder
      Skip test which is 64bits only
      5.5.37 now
    
    Conflicts:
    	configure.in
    	ext/mcrypt/mcrypt.c
    	ext/spl/spl_directory.c
    	main/php_version.h
  2. iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() r…

    smalyshev committed Jun 21, 2016
    …esulting in heap overflow
  3. update NEWS

    smalyshev committed Jun 21, 2016
  4. Merge branch 'PHP-5.5.37' into PHP-5.5

    smalyshev committed Jun 21, 2016
    * PHP-5.5.37:
      fix tests
      fix build
      Fix bug #72455:  Heap Overflow due to integer overflows
      Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
      Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
      Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
      Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
      Fix bug #72298	pass2_no_dither out-of-bounds access
      Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
      Fix bug #72262 - do not overflow int
      Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
      Fix bug #72275: don't allow smart_str to overflow int
      Fix bug #72340: Double Free Courruption in wddx_deserialize
  5. fix tests

    smalyshev committed Jun 21, 2016
  6. fix build

    smalyshev committed Jun 21, 2016
  7. Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP'…

    smalyshev committed Jun 21, 2016
    …s GC algorithm and unserialize
Commits on Jun 19, 2016
Commits on Jun 18, 2016
Commits on Jun 16, 2016
Commits on Jun 14, 2016
Commits on Jun 13, 2016
  1. update NEWS

    weltling committed Jun 13, 2016
  2. Fix #66387: Stack overflow with imagefilltoborder

    Christoph M. Becker authored and weltling committed Jul 20, 2015
    The stack overflow is caused by the recursive algorithm in combination with a
    very large negative coordinate passed to gdImageFillToBorder(). As there is
    already a clipping for large positive coordinates to the width and height of
    the image, it seems to be consequent to clip to zero also.
Commits on Jun 9, 2016
  1. 5.6.23RC1

    Tyrael committed Jun 9, 2016
Commits on Jun 8, 2016
Commits on Jun 7, 2016
  1. Add CVE to #66387

    kaplanlior committed Jun 7, 2016
  2. add missing NEWS entry

    weltling committed Jun 7, 2016
Commits on Jun 6, 2016
  1. Add test for bug #53735

    weltling committed Jun 6, 2016
  2. fix typo

    weltling committed Jun 6, 2016