Opened 10 years ago
Closed 10 years ago
#6162 closed enhancement (fixed)
php-5.6.6
Reported by: | Fernando de Oliveira | Owned by: | Pierre Labastie |
---|---|---|---|
Priority: | high | Milestone: | 7.7 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
http://www.php.net/distributions/php-5.6.6.tar.xz
The PHP development team announces the immediate availability of PHP 5.6.6. This release fixes several bugs and addresses CVE-2015-0235 and CVE-2015-0273. All PHP 5.6 users are encouraged to upgrade to this version.
http://php.net/ChangeLog-5.php#5.6.6
∙ Core: ∙ Removed support for multi-line headers, as the are deprecated by RFC 7230. ∙ Fixed bug #67068 (getClosure returns somethings that's not a closure). ∙ Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) ∙ Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). ∙ Fixed bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo) ∙ Added NULL byte protection to exec, system and passthru. ∙ Dba: ∙ Fixed bug #68711 (useless comparisons). ∙ Enchant: ∙ Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). ∙ Fileinfo: ∙ Fixed bug #68827 (Double free with disabled ZMM). ∙ Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly). ∙ Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs). ∙ FPM: ∙ Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). ∙ Fixed bug #68571 (core dump when webserver close the socket). ∙ JSON: ∙ Fixed bug #50224 (json_encode() does not always encode a float as a float) by adding JSON_PRESERVE_ZERO_FRACTION. ∙ LIBXML: ∙ Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). ∙ Mysqli: ∙ Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande) ∙ Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande) ∙ Opcache: ∙ Fixed bug with try blocks being removed when extended_info opcode generation is turned on. ∙ PDO_mysql: ∙ Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). ∙ Phar: ∙ Fixed bug #68901 (use after free). ∙ Pgsql: ∙ Fixed bug #65199 (pg_copy_from() modifies input array variable) (Yasuo) ∙ Session: ∙ Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo) ∙ Fixed bug #66623 (no EINTR check on flock) (Yasuo) ∙ Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo) ∙ Sqlite3: ∙ Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). ∙ Standard: ∙ Fixed bug #65272 (flock() out parameter not set correctly in windows). ∙ Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI). ∙ Streams: ∙ Fixed bug which caused call after final close on streams filter.
Change History (5)
comment:1 by , 10 years ago
comment:3 by , 10 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
I can do that one while I am building LFS-7.7rc1
Note:
See TracTickets
for help on using tickets.
Please, I would like to have confirmation if this is the type of security fix we are still considering for 7.7.