Opened 9 years ago
Closed 9 years ago
#6711 closed enhancement (fixed)
php-5.6.11
Reported by: | Fernando de Oliveira | Owned by: | |
---|---|---|---|
Priority: | high | Milestone: | 7.8 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
Notice:
s/tar.bz2/tar.xz/
Also it was once recommended, but I don't know if it is still true:
s/http/https/
Security:
https://bugs.php.net/bug.php?id=69669
mysqlnd allows downgrade to non-SSL connection even if SSL was requested
Also see:
http://www.securityweek.com/mysql-ssltls-connections-risk-due-backronym-flaw
MySQL, Oracle’s relational database management system, is plagued by a vulnerability that can be exploited to downgrade SSL/TLS connections, according to researchers at Duo Security.
https://www.php.net/distributions/php-5.6.11.tar.xz
https://secure.php.net/downloads.php
md5: a0c842c1d30fedbe972e1556ae9cee27
https://www.php.net/distributions/php-5.6.11.tar.xz.asc
https://php.net/ChangeLog-5.php#5.6.11
Version 5.6.11 10 Jul 2015 • Core: • Fixed bug #69768 (escapeshell*() doesn't cater to !). • Fixed bug #69703 (Use __builtin_clzl on PowerPC). • Fixed bug #69732 (can induce segmentation fault with basic php code). • Fixed bug #69642 (Windows 10 reported as Windows 8). • Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). • Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). • Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). • Fixed bug #69835 (phpinfo() does not report many Windows SKUs). • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). • Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. • GD: • Fixed bug #61221 (imagegammacorrect function loses alpha channel). • GMP: • Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number). • Mysqlnd: • Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152). • PCRE: • Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). • Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab) • PDO_pgsql: • Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). • Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). • Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). • SimpleXML: • Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). • SPL: • Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). • Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga). • Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). • Sqlite3: • Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()).
Change History (4)
comment:1 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | assigned → new |
comment:3 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at revision 16239.