Permalink
Switch branches/tags
Commits on Jul 5, 2017
  1. php 5.6.31

    Tyrael committed Jul 5, 2017
  2. NEWS for oniguruma

    remicollet committed Jul 5, 2017
  3. Patch from the upstream git

    remicollet committed May 30, 2017
    kkos/oniguruma#60 (CVE-2017-9228)
    
    Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
  4. Patch from the upstream git

    remicollet committed May 30, 2017
    kkos/oniguruma#59 (CVE-2017-9229)
    b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6
    
    Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
  5. Patch from the upstream git

    remicollet committed May 30, 2017
    kkos/oniguruma#58 (CVE-2017-9227)
    
    Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
  6. Patch from the upstream git

    remicollet committed May 30, 2017
    kkos/oniguruma#57 (CVE-2017-9224)
    
    Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
  7. Patch from the upstream git

    remicollet committed May 30, 2017
    kkos/oniguruma#55 (CVE-2017-9226)
    b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6
    f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
    
    Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
  8. Improve fix for #74145

    smalyshev committed Jul 5, 2017
  9. Fix tests

    smalyshev committed Jul 5, 2017
  10. Update NEWS

    smalyshev committed Jul 5, 2017
  11. Fixed bug #74111

    nikic authored and smalyshev committed Jun 25, 2017
  12. Fix #74435: Buffer over-read into uninitialized memory

    cmb69 authored and smalyshev committed Jun 20, 2017
    The stack allocated color map buffers were not zeroed before usage, and
    so undefined palette indexes could cause information leakage.
Commits on Jul 4, 2017
Commits on Jun 25, 2017
  1. Update NEWS

    smalyshev committed Jun 25, 2017
Commits on Jun 20, 2017
  1. Fix bug #73807

    nikic authored and smalyshev committed Feb 2, 2017
Commits on Feb 1, 2017
  1. fix test for 32bits (int -> float)

    remicollet authored and weltling committed Feb 1, 2017
    (cherry picked from commit 0f1ae93)
Commits on Jan 19, 2017
  1. update NEWS

    Tyrael committed Jan 19, 2017
Commits on Jan 17, 2017
  1. Fix #73869: Signed Integer Overflow gd_io.c

    cmb69 authored and weltling committed Dec 17, 2016
    GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
    byte unsigned). These values are multiplied and assigned to an int when
    reading the image, what can cause integer overflows. We have to avoid
    that, and also make sure that either chunk count is actually greater
    than zero. If illegal chunk counts are detected, we bail out from
    reading the image.
    
    (cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)
  2. Fix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx()

    cmb69 authored and weltling committed Aug 16, 2016
    We must not pretend that there are image data if there are none. Instead
    we fail reading the image file gracefully.
    
    (cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)
Commits on Jan 16, 2017
  1. Add additional serialize tests for fixed bugs

    nikic committed Jan 16, 2017
    These have been fixed as a side-effect of the delayed __wakeup
    patch.
  2. Fix typo

    smalyshev committed Jan 16, 2017
  3. Fix test

    smalyshev committed Jan 16, 2017
Commits on Jan 10, 2017
Commits on Jan 9, 2017
  1. Fix open_basedir check for glob:// opendir wrapper

    sgolemon committed Jan 9, 2017
    php_check_open_basedir() expects a local filesystem path,
    but we're handing it a `glob://...` URI instead.
    
    Move the check to after the path trim so that we're checking
    a meaningful pathspec.
Commits on Jan 6, 2017
  1. 5.6.31 is next

    Tyrael committed Jan 6, 2017
Commits on Jan 5, 2017
  1. Fix printf modifier

    nikic committed Jan 5, 2017
Commits on Jan 4, 2017