Opened 9 years ago
Closed 9 years ago
#6162 closed enhancement (fixed)
php-5.6.6
| Reported by: | Fernando de Oliveira | Owned by: | Pierre Labastie |
|---|---|---|---|
| Priority: | high | Milestone: | 7.7 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
http://www.php.net/distributions/php-5.6.6.tar.xz
The PHP development team announces the immediate availability of PHP 5.6.6. This release fixes several bugs and addresses CVE-2015-0235 and CVE-2015-0273. All PHP 5.6 users are encouraged to upgrade to this version.
http://php.net/ChangeLog-5.php#5.6.6
∙ Core:
∙ Removed support for multi-line headers, as the are deprecated by RFC
7230.
∙ Fixed bug #67068 (getClosure returns somethings that's not a
closure).
∙ Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273)
∙ Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc
gethostbyname buffer overflow).
∙ Fixed bug #67988 (htmlspecialchars() does not respect
default_charset specified by ini_set) (Yasuo)
∙ Added NULL byte protection to exec, system and passthru.
∙ Dba:
∙ Fixed bug #68711 (useless comparisons).
∙ Enchant:
∙ Fixed bug #68552 (heap buffer overflow in
enchant_broker_request_dict()).
∙ Fileinfo:
∙ Fixed bug #68827 (Double free with disabled ZMM).
∙ Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime
files correctly).
∙ Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with
some gifs).
∙ FPM:
∙ Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
∙ Fixed bug #68571 (core dump when webserver close the socket).
∙ JSON:
∙ Fixed bug #50224 (json_encode() does not always encode a float as a
float) by adding JSON_PRESERVE_ZERO_FRACTION.
∙ LIBXML:
∙ Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads).
∙ Mysqli:
∙ Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
∙ Fixed bug #68657 (Reading 4 byte floats with Mysqli and
libmysqlclient has rounding errors) (Keyur Govande)
∙ Opcache:
∙ Fixed bug with try blocks being removed when extended_info opcode
generation is turned on.
∙ PDO_mysql:
∙ Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes).
∙ Phar:
∙ Fixed bug #68901 (use after free).
∙ Pgsql:
∙ Fixed bug #65199 (pg_copy_from() modifies input array variable)
(Yasuo)
∙ Session:
∙ Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl,
Yasuo)
∙ Fixed bug #66623 (no EINTR check on flock) (Yasuo)
∙ Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
∙ Sqlite3:
∙ Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args).
∙ Standard:
∙ Fixed bug #65272 (flock() out parameter not set correctly in
windows).
∙ Fixed bug #69033 (Request may get env. variables from previous
requests if PHP works as FastCGI).
∙ Streams:
∙ Fixed bug which caused call after final close on streams filter.
Change History (5)
comment:1 by , 9 years ago
comment:3 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
I can do that one while I am building LFS-7.7rc1
Note:
See TracTickets
for help on using tickets.
Please, I would like to have confirmation if this is the type of security fix we are still considering for 7.7.