Opened 6 years ago

Closed 6 years ago

#7332 closed enhancement (fixed)

php-7.0.2

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: high Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Fixes Include 6 Security Related Issues

http://www.php.net/distributions/php-7.0.2.tar.xz

http://www.php.net/distributions/php-7.0.2.tar.xz.asc

https://secure.php.net/downloads.php

md5: ce5964672e4ec0b66ff088a6bafde8c7

https://secure.php.net/archive/2016.php

PHP 7.0.2 Released
07 Jan 2016

The PHP development team announces the immediate availability of PHP
7.0.2. 31 reported bugs has been fixed, including 6 security related
issues. All PHP 7.0 users are encouraged to upgrade to this version.

For source downloads of PHP 7.0.2 please visit our downloads page,
Windows source and binaries can be found on windows.php.net/download/.
The list of changes is recorded in the ChangeLog.

https://secure.php.net/ChangeLog-7.php

PHP 7 ChangeLog
Version 7.0.2
07 Jan 2016

 • Core:
   ◦ Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
   ◦ Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls).
   ◦ Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work).
   ◦ Fixed bug #71092 (Segmentation fault with return type hinting).
   ◦ Fixed bug memleak in header_register_callback.
   ◦ Fixed bug #71067 (Local object in class method stays in memory for
     each call).
   ◦ Fixed bug #66909 (configure fails utf8_to_mutf7 test).
   ◦ Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
   ◦ Fixed bug #71089 (No check to duplicate zend_extension).
   ◦ Fixed bug #71086 (Invalid numeric literal parse error within
     highlight_string() function).
   ◦ Fixed bug #71154 (Incorrect HT iterator invalidation causes
     iterator reuse).
   ◦ Fixed bug #52355 (Negating zero does not produce negative zero).
   ◦ Fixed bug #66179 (var_export() exports float as integer).
   ◦ Fixed bug #70804 (Unary add on negative zero produces positive
     zero).
 • CURL:
   ◦ Fixed bug #71144 (Sementation fault when using cURL with ZTS).
 • DBA:
   ◦ Fixed key leak with invalid resource.
 • Filter:
   ◦ Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work).
 • FTP:
   ◦ Implemented FR #55651 (Option to ignore the returned FTP PASV
     address).
 • FPM:
   ◦ Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
 • GD:
   ◦ Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array
     Index Out of Bounds).
 • Mbstring:
   ◦ Fixed bug #71066 (mb_send_mail: Program terminated with signal
     SIGSEGV, Segmentation fault).
 • Opcache:
   ◦ Fixed bug #71127 (Define in auto_prepend_file is overwrite).
 • PCRE:
   ◦ Fixed bug #71178 (preg_replace with arrays creates [0] in replace
     array if not already set).
 • Readline:
   ◦ Fixed bug #71094 (readline_completion_function corrupts static
     array on second TAB).
 • Session:
   ◦ Fixed bug #71122 (Session GC may not remove obsolete session data).
 • SPL:
   ◦ Fixed bug #71077 (ReflectionMethod for ArrayObject constructor
     returns wrong number of parameters).
   ◦ Fixed bug #71153 (Performance Degradation in ArrayIterator with
     large arrays).
 • Standard:
   ◦ Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions).
 • WDDX:
   ◦ Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet
     Deserialization).
   ◦ Fixed bug #70741 (Session WDDX Packet Deserialization Type
     Confusion Vulnerability).
 • XMLRPC:
   ◦ Fixed bug #70728 (Type Confusion Vulnerability in
     PHP_to_XMLRPC_worker).

Change History (2)

comment:1 by Fernando de Oliveira, 6 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 6 years ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.