id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc 6990,php-5.6.14,Fernando de Oliveira,Pierre Labastie,"[http://www.php.net/distributions/php-5.6.14.tar.xz] [https://secure.php.net/downloads.php] md5: 96080ad8c5111446f58290cc6f18698c [http://www.php.net/distributions/php-5.6.14.tar.xz.asc] == Security Release == Security related bugs: [https://bugs.php.net/search.php?cmd=display&project=PHP&bug_type=Security&direction=DESC&limit=30&status=Closed&reorder_by=ts2] {{{ • ID# OS Summary ◦ 70433 Linux Uninitialized pointer in phar_make_dirstream when zip entry filename is ""/"" ◦ 69720 * Null pointer dereference in phar_get_fp_offset() }}} [https://secure.php.net/archive/2015.php#id2015-08-06-4] {{{ 01 Oct 2015 The PHP development team announces the immediate availability of PHP 5.6.14. This is a security release. Two security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version. }}} [https://secure.php.net/ChangeLog-5.php#5.6.14] {{{ Version 5.6.14 01 Oct 2015 • Core: • Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions). • CLI server: • Fixed bug #68291 (404 on urls with '+'). • DOM: • Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity encoding). • Mysqlnd: • Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to a server). • OpenSSL: • Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource). • Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). • Fixed bug #60632 (openssl_seal fails with AES). • Fixed bug #68312 (Lookup for openssl.cnf causes a message box). • PDO: • Fixed bug #70389 (PDO constructor changes unrelated variables). • Phar: • Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). • Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is ""/""). • Phpdbg: • Fix phpdbg_break_next() sometimes not breaking. • Standard: • Fixed bug #67131 (setcookie() conditional for empty values not met). • Streams: • Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections). • Zip: • Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). }}}",enhancement,closed,high,7.9,BOOK,SVN,normal,fixed,,