Opened 9 years ago
Closed 9 years ago
#7332 closed enhancement (fixed)
php-7.0.2
Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
---|---|---|---|
Priority: | high | Milestone: | 7.9 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
Fixes Include 6 Security Related Issues
http://www.php.net/distributions/php-7.0.2.tar.xz
http://www.php.net/distributions/php-7.0.2.tar.xz.asc
https://secure.php.net/downloads.php
md5: ce5964672e4ec0b66ff088a6bafde8c7
https://secure.php.net/archive/2016.php
PHP 7.0.2 Released 07 Jan 2016 The PHP development team announces the immediate availability of PHP 7.0.2. 31 reported bugs has been fixed, including 6 security related issues. All PHP 7.0 users are encouraged to upgrade to this version. For source downloads of PHP 7.0.2 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
https://secure.php.net/ChangeLog-7.php
PHP 7 ChangeLog Version 7.0.2 07 Jan 2016 • Core: ◦ Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7). ◦ Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). ◦ Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). ◦ Fixed bug #71092 (Segmentation fault with return type hinting). ◦ Fixed bug memleak in header_register_callback. ◦ Fixed bug #71067 (Local object in class method stays in memory for each call). ◦ Fixed bug #66909 (configure fails utf8_to_mutf7 test). ◦ Fixed bug #70781 (Extension tests fail on dynamic ext dependency). ◦ Fixed bug #71089 (No check to duplicate zend_extension). ◦ Fixed bug #71086 (Invalid numeric literal parse error within highlight_string() function). ◦ Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse). ◦ Fixed bug #52355 (Negating zero does not produce negative zero). ◦ Fixed bug #66179 (var_export() exports float as integer). ◦ Fixed bug #70804 (Unary add on negative zero produces positive zero). • CURL: ◦ Fixed bug #71144 (Sementation fault when using cURL with ZTS). • DBA: ◦ Fixed key leak with invalid resource. • Filter: ◦ Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). • FTP: ◦ Implemented FR #55651 (Option to ignore the returned FTP PASV address). • FPM: ◦ Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). • GD: ◦ Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). • Mbstring: ◦ Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault). • Opcache: ◦ Fixed bug #71127 (Define in auto_prepend_file is overwrite). • PCRE: ◦ Fixed bug #71178 (preg_replace with arrays creates [0] in replace array if not already set). • Readline: ◦ Fixed bug #71094 (readline_completion_function corrupts static array on second TAB). • Session: ◦ Fixed bug #71122 (Session GC may not remove obsolete session data). • SPL: ◦ Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns wrong number of parameters). ◦ Fixed bug #71153 (Performance Degradation in ArrayIterator with large arrays). • Standard: ◦ Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions). • WDDX: ◦ Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization). ◦ Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability). • XMLRPC: ◦ Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).
Change History (2)
comment:1 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r16795.
ftp://ftp.isu.edu.tw/pub/Unix/Web/PHP/distributions/php-&php-version;.tar.xz
commented out, because was down.