New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update PHP 5.5 NEWS entries with CVE info #1892

Closed
wants to merge 7 commits into
base: PHP-5.5
from

Add CVE IDs PHP 5.5.29

  • Loading branch information...
kaplanlior committed Apr 28, 2016
commit a1a7ff5122ce430ed4c76c0204a874f3193d4101
View
16 NEWS
@@ -113,9 +113,10 @@ PHP NEWS
03 Sep 2015, PHP 5.5.29
- Core:
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
(CVE-2015-6834) (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
(taoguangchen at icloud dot com)
(CVE-2015-6835) (taoguangchen at icloud dot com)
- EXIF:
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
@@ -131,20 +132,21 @@ PHP NEWS
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
(CVE-2015-6836) (Stas)
- SPL:
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
SplObjectStorage). (CVE-2015-6834) (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
SplDoublyLinkedList). (CVE-2015-6834) (taoguangchen at icloud dot com)
- XSLT:
. Fixed bug #69782 (NULL pointer dereference). (Stas)
. Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
(Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
creating directories). (CVE-2014-9767) (neal at fb dot com)
06 Aug 2015, PHP 5.5.28
ProTip! Use n and p to navigate between commits in a pull request.