Opened 8 years ago

Closed 8 years ago

#6162 closed enhancement (fixed)


Reported by: Fernando de Oliveira Owned by: Pierre Labastie
Priority: high Milestone: 7.7
Component: BOOK Version: SVN
Severity: normal Keywords:


The PHP development team announces the immediate availability of PHP
5.6.6. This release fixes several bugs and addresses CVE-2015-0235 and
CVE-2015-0273. All PHP 5.6 users are encouraged to upgrade to this

∙ Core:
  ∙ Removed support for multi-line headers, as the are deprecated by RFC
  ∙ Fixed bug #67068 (getClosure returns somethings that's not a
  ∙ Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (CVE-2015-0273)
  ∙ Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc
    gethostbyname buffer overflow).
  ∙ Fixed bug #67988 (htmlspecialchars() does not respect
    default_charset specified by ini_set) (Yasuo)
  ∙ Added NULL byte protection to exec, system and passthru.
∙ Dba:
  ∙ Fixed bug #68711 (useless comparisons).
∙ Enchant:
  ∙ Fixed bug #68552 (heap buffer overflow in
∙ Fileinfo:
  ∙ Fixed bug #68827 (Double free with disabled ZMM).
  ∙ Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime
    files correctly).
  ∙ Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with
    some gifs).
∙ FPM:
  ∙ Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
  ∙ Fixed bug #68571 (core dump when webserver close the socket).
  ∙ Fixed bug #50224 (json_encode() does not always encode a float as a
    float) by adding JSON_PRESERVE_ZERO_FRACTION.
  ∙ Fixed bug #64938 (libxml_disable_entity_loader setting is shared
    between threads).
∙ Mysqli:
  ∙ Fixed bug #68114 (linker error on some OS X machines with fixed
    width decimal support) (Keyur Govande)
  ∙ Fixed bug #68657 (Reading 4 byte floats with Mysqli and
    libmysqlclient has rounding errors) (Keyur Govande)
∙ Opcache:
  ∙ Fixed bug with try blocks being removed when extended_info opcode
    generation is turned on.
∙ PDO_mysql:
  ∙ Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
    named pipes).
∙ Phar:
  ∙ Fixed bug #68901 (use after free).
∙ Pgsql:
  ∙ Fixed bug #65199 (pg_copy_from() modifies input array variable)
∙ Session:
  ∙ Fixed bug #68941 ( is a bash-script) (bugzilla at,
  ∙ Fixed bug #66623 (no EINTR check on flock) (Yasuo)
  ∙ Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
∙ Sqlite3:
  ∙ Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
∙ Standard:
  ∙ Fixed bug #65272 (flock() out parameter not set correctly in
  ∙ Fixed bug #69033 (Request may get env. variables from previous
    requests if PHP works as FastCGI).
∙ Streams:
  ∙ Fixed bug which caused call after final close on streams filter.

Change History (5)

comment:1 by Fernando de Oliveira, 8 years ago

Please, I would like to have confirmation if this is the type of security fix we are still considering for 7.7.

comment:2 by bdubbs@…, 8 years ago

Go ahead and update. We haven't tagged much so far.

comment:3 by Pierre Labastie, 8 years ago

Owner: changed from blfs-book@… to Pierre Labastie
Status: newassigned

I can do that one while I am building LFS-7.7rc1

comment:4 by Pierre Labastie, 8 years ago

Built ok tonight. Will commit tomorrow.

comment:5 by Pierre Labastie, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r15544

Note: See TracTickets for help on using tickets.