Opened 9 years ago
Closed 9 years ago
#6711 closed enhancement (fixed)
php-5.6.11
| Reported by: | Fernando de Oliveira | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 7.8 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Notice:
s/tar.bz2/tar.xz/
Also it was once recommended, but I don't know if it is still true:
s/http/https/
Security:
https://bugs.php.net/bug.php?id=69669
mysqlnd allows downgrade to non-SSL connection even if SSL was requested
Also see:
http://www.securityweek.com/mysql-ssltls-connections-risk-due-backronym-flaw
MySQL, Oracle’s relational database management system, is plagued by a vulnerability that can be exploited to downgrade SSL/TLS connections, according to researchers at Duo Security.
https://www.php.net/distributions/php-5.6.11.tar.xz
https://secure.php.net/downloads.php
md5: a0c842c1d30fedbe972e1556ae9cee27
https://www.php.net/distributions/php-5.6.11.tar.xz.asc
https://php.net/ChangeLog-5.php#5.6.11
Version 5.6.11
10 Jul 2015
• Core:
• Fixed bug #69768 (escapeshell*() doesn't cater to !).
• Fixed bug #69703 (Use __builtin_clzl on PowerPC).
• Fixed bug #69732 (can induce segmentation fault with basic php
code).
• Fixed bug #69642 (Windows 10 reported as Windows 8).
• Fixed bug #69551 (parse_ini_file() and parse_ini_string()
segmentation fault).
• Fixed bug #69781 (phpinfo() reports Professional Editions of
Windows 7/8/8.1/10 as "Business").
• Fixed bug #69740 (finally in generator (yield) swallows
exception in iteration).
• Fixed bug #69835 (phpinfo() does not report many Windows
SKUs).
• Fixed bug #69892 (Different arrays compare indentical due to
integer key truncation).
• Fixed bug #69874 (Can't set empty additional_headers for
mail()), regression from fix to bug #68776.
• GD:
• Fixed bug #61221 (imagegammacorrect function loses alpha
channel).
• GMP:
• Fixed bug #69803 (gmp_random_range() modifies second parameter
if GMP number).
• Mysqlnd:
• Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM)
(CVE-2015-3152).
• PCRE:
• Fixed bug #53823 (preg_replace: * qualifier on unicode replace
garbles the string).
• Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
• PDO_pgsql:
• Fixed bug #69752 (PDOStatement::execute() leaks memory with
DML Statements when closeCuror() is u).
• Fixed bug #69362 (PDO-pgsql fails to connect if password
contains a leading single quote).
• Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array
with gaps).
• SimpleXML:
• Refactored the fix for bug #66084 (simplexml_load_string()
mangles empty node name).
• SPL:
• Fixed bug #69737 (Segfault when SplMinHeap::compare produces
fatal error).
• Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian
Gustavo Veiga).
• Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()).
• Sqlite3:
• Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()).
Change History (4)
comment:1 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
comment:3 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at revision 16239.