[h=3]Version 5.5.37[/h]
[h=3]Version 5.6.23[/h]23 Jun 2016
- mcrypt:
- Core:
- GD:
- Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
- Fixed bug #72298 (pass2_no_dither out-of-bounds access).
- Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
- Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert).
- Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
- mbstring:
- Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
- Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
- SPL:
- Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (CVE-2016-5770)
- Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5771)
- WDDX:
- Fixed bug #72340 (Double Free Corruption in wddx_deserialize). (CVE-2016-5772)
- zip:
- Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)
[h=3]Version 7.0.8[/h]23 Jun 2016
- Core:
- GD:
- Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
- Fixed bug #72298 (pass2_no_dither out-of-bounds access).
- Fixed bug #72337 (invalid dimensions can lead to crash).
- Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
- Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert).
- Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
- Intl:
- Fixed bug #70484 (selectordinal doesn't work with named parameters).
- mbstring:
- Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
- mcrypt:
- Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
- OpenSSL:
- Fixed bug #72140 (segfault after calling ERR_free_strings()).
- Phar:
- Fixed bug #72321 (invalid free in phar_extract_file()).
- SPL:
- WDDX:
- Fixed bug #72340 (Double Free Corruption in wddx_deserialize). (CVE-2016-5772)
- zip:
- Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)
23 Jun 2016
- Core:
- Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes).
- Fixed bug #72221 (segfault, past-the-end access).
- Fixed bug #72268 (Integer Overflow in nl2br()).
- Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()).
- Fixed bug #72400 (Integer Overflow in addcslashes/addslashes).
- Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL).
- FPM:
- Fixed bug #72308 (fastcgi_finish_request and logging environment variables).
- GD:
- Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
- Fixed bug #72298 (pass2_no_dither out-of-bounds access).
- Fixed bug #72337 (invalid dimensions can lead to crash).
- Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
- Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert).
- Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
- Intl:
- Fixed bug #70484 (selectordinal doesn't work with named parameters).
- mbstring:
- Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
- mcrypt:
- Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
- OpenSSL:
- Fixed bug #72140 (segfault after calling ERR_free_strings()).
- PCRE:
- Fixed bug #72143 (preg_replace uses int instead of size_t).
- PDO_pgsql:
- Phar:
- Fixed bug #72321 (invalid free in phar_extract_file()).
- Phpdbg:
- Fixed bug #72284 (phpdbg fatal errors with coverage).
- Postgres:
- Standard:
- WDDX:
- Fixed bug #72340 (Double Free Corruption in wddx_deserialize). (CVE-2016-5772)
- XML:
- Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem).
- XMLRPC:
- Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
- Zip: