git.pld-linux.org Git - packages/php.git/commit

author	Elan Ruusamäe <glen@delfi.ee>
	Fri, 17 Jun 2016 21:39:07 +0000 (00:39 +0300)
committer	Elan Ruusamäe <glen@delfi.ee>
	Fri, 17 Jun 2016 21:39:07 +0000 (00:39 +0300)
commit	52ff7089f6b9bdc7db85216e720c1edb69e84475
tree	3fec8c82239f7253724b6adf73bf9dd81bbec206	tree \| snapshot
parent	267a10e6de48ae731d58c052db62fdf4083a6a67	commit \| diff

up to 5.6.22; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093

Core:
- Fixed bug #72172 (zend_hex_strtod should not use strlen).
- Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
- Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094)
GD:
- Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
Intl:
- Fixed bug #64524 (Add intl.use_exceptions to php.ini-*).
- Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
Postgres:
- Fixed bug #72151 (mysqli_fetch_object changed behaviour). Patch to #71820 is reverted.