Opened 6 years ago

Closed 6 years ago

#6711 closed enhancement (fixed)

php-5.6.11

Reported by: Fernando de Oliveira Owned by: bdubbs@…
Priority: high Milestone: 7.8
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Notice:

s/tar.bz2/tar.xz/

Also it was once recommended, but I don't know if it is still true:

s/http/https/

Security:

https://bugs.php.net/bug.php?id=69669

mysqlnd allows downgrade to non-SSL connection even if SSL was requested

Also see:

http://www.securityweek.com/mysql-ssltls-connections-risk-due-backronym-flaw

MySQL, Oracle’s relational database management system, is plagued by a vulnerability that can be exploited to downgrade SSL/TLS connections, according to researchers at Duo Security.

https://www.php.net/distributions/php-5.6.11.tar.xz

https://secure.php.net/downloads.php

md5: a0c842c1d30fedbe972e1556ae9cee27

https://www.php.net/distributions/php-5.6.11.tar.xz.asc

https://php.net/ChangeLog-5.php#5.6.11

Version 5.6.11
10 Jul 2015

   • Core:
        • Fixed bug #69768 (escapeshell*() doesn't cater to !).
        • Fixed bug #69703 (Use __builtin_clzl on PowerPC).
        • Fixed bug #69732 (can induce segmentation fault with basic php
          code).
        • Fixed bug #69642 (Windows 10 reported as Windows 8).
        • Fixed bug #69551 (parse_ini_file() and parse_ini_string()
          segmentation fault).
        • Fixed bug #69781 (phpinfo() reports Professional Editions of
          Windows 7/8/8.1/10 as "Business").
        • Fixed bug #69740 (finally in generator (yield) swallows
          exception in iteration).
        • Fixed bug #69835 (phpinfo() does not report many Windows
          SKUs).
        • Fixed bug #69892 (Different arrays compare indentical due to
          integer key truncation).
        • Fixed bug #69874 (Can't set empty additional_headers for
          mail()), regression from fix to bug #68776.
   • GD:
        • Fixed bug #61221 (imagegammacorrect function loses alpha
          channel).
   • GMP:
        • Fixed bug #69803 (gmp_random_range() modifies second parameter
          if GMP number).
   • Mysqlnd:
        • Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM)
          (CVE-2015-3152).
   • PCRE:
        • Fixed bug #53823 (preg_replace: * qualifier on unicode replace
          garbles the string).
        • Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
   • PDO_pgsql:
        • Fixed bug #69752 (PDOStatement::execute() leaks memory with
          DML Statements when closeCuror() is u).
        • Fixed bug #69362 (PDO-pgsql fails to connect if password
          contains a leading single quote).
        • Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array
          with gaps).
   • SimpleXML:
        • Refactored the fix for bug #66084 (simplexml_load_string()
          mangles empty node name).
   • SPL:
        • Fixed bug #69737 (Segfault when SplMinHeap::compare produces
          fatal error).
        • Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian
          Gustavo Veiga).
        • Fixed bug #69970 (Use-after-free vulnerability in
          spl_recursive_it_move_forward_ex()).
   • Sqlite3:
        • Fixed bug #69972 (Use-after-free vulnerability in
          sqlite3SafetyCheckSickOrOk()).

Change History (4)

comment:1 by Fernando de Oliveira, 6 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 6 years ago

Owner: changed from Fernando de Oliveira to blfs-book@…
Status: assignednew

comment:3 by bdubbs@…, 6 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

comment:4 by bdubbs@…, 6 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 16239.

Note: See TracTickets for help on using tickets.