Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI InterfaceHEADmaster | Remi Collet | 20 hours | 7 | -4/+710 |
| | | | | | | | | | | | | GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 | ||||
* | Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI | Remi Collet | 2024-09-27 | 5 | -9/+561 |
| | | | | | | | | | | CVE-2024-4577 Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926 Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 Fix Erroneous parsing of multipart form data CVE-2024-8925 | ||||
* | use oracle client library version 23.5 on x86_64 | Remi Collet | 2024-07-31 | 2 | -544/+792 |
| | |||||
* | Fix filter bypass in filter_var FILTER_VALIDATE_URL | Remi Collet | 2024-06-05 | 2 | -3/+193 |
| | | | | CVE-2024-5458 | ||||
* | use oracle client library version 21.13 on x86_64, 19.19 on aarch64 | Remi Collet | 2024-04-10 | 4 | -6/+300 |
| | | | | | | | Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096 | ||||
* | use oracle client library version 21.11 on x86_64, 19.19 on aarch64 | Remi Collet | 2023-10-16 | 1 | -5/+17 |
| | | | | use official Oracle Instant Client RPM | ||||
* | use official Oracle Instant Client RPM | Remi Collet | 2023-09-22 | 2 | -47/+23 |
| | |||||
* | Fix Security issue with external entity loading in XML without enabling it | Remi Collet | 2023-08-01 | 3 | -5/+821 |
| | | | | | | | GHSA-3qrf-m4j2-pcrr CVE-2023-3823 Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824 move httpd/nginx wants directive to config files in /etc | ||||
* | fix possible buffer overflow in date | Remi Collet | 2023-06-21 | 3 | -40/+70 |
| | |||||
* | Fix Missing error check and insufficient random bytes in HTTP Digest | Remi Collet | 2023-06-07 | 3 | -3/+141 |
| | | | | | | | authentication for SOAP GHSA-76gg-c692-v2mw use oracle client library version 21.10 define __phpize and __phpconfig | ||||
* | fix #81744: Password_verify() always return true with some hash | Remi Collet | 2023-02-14 | 5 | -8/+459 |
| | | | | | | | | CVE-2023-0567 fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 fix DOS vulnerability when parsing multipart request body CVE-2023-0662 | ||||
* | pdo: fix #81740: PDO::quote() may return unquoted string | Remi Collet | 2022-12-19 | 2 | -3/+97 |
| | | | | | CVE-2022-31631 use oracle client library version 21.8 | ||||
* | hash: fix #81738: buffer overflow in hash_update() on long parameter. | Remi Collet | 2022-10-24 | 2 | -1/+136 |
| | | | | CVE-2022-37454 | ||||
* | fix NEWS | Remi Collet | 2022-09-30 | 1 | -0/+33 |
| | |||||
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 2 | -2/+61 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 4 | -8/+188 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | use oracle client library version 21.6 | Remi Collet | 2022-06-07 | 4 | -422/+689 |
| | | | | | mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 | ||||
* | Fix #79971 special character is breaking the path in xml function | Remi Collet | 2021-11-15 | 3 | -3/+176 |
| | | | | CVE-2021-21707 | ||||
* | refresh patch (with NEWS) | Remi Collet | 2021-10-20 | 1 | -3/+32 |
| | |||||
* | fix PHP-FPM oob R/W in root process leading to priv escalation | Remi Collet | 2021-10-20 | 4 | -5/+428 |
| | | | | | | CVE-2021-21703 use libicu version 69 use oracle client library version 21.3 | ||||
* | Fix #81211 Symlinks are followed when creating PHAR archive | Remi Collet | 2021-08-25 | 2 | -1/+169 |
| | |||||
* | Fix #81122 SSRF bypass in FILTER_VALIDATE_URL | Remi Collet | 2021-06-28 | 5 | -5/+317 |
| | | | | | | | | | CVE-2021-21705 Fix #76448 Stack buffer overflow in firebird_info_cb Fix #76449 SIGSEGV in firebird_handle_doer Fix #76450 SIGSEGV in firebird_stmt_execute Fix #76452 Crash while parsing blob data in firebird_fetch_blob CVE-2021-21704 | ||||
* | Fix #80710 imap_mail_compose() header injection | Remi Collet | 2021-04-28 | 3 | -334/+792 |
| | | | | use oracle client library version 21.1 | ||||
* | Fix #80672 Null Dereference in SoapClient | Remi Collet | 2021-02-03 | 4 | -2/+528 |
| | | | | | CVE-2021-21702 better fix for #77423 | ||||
* | Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo | Remi Collet | 2021-01-04 | 3 | -6/+208 |
| | | | | CVE-2020-7071 | ||||
* | fix obsoletes | Remi Collet | 2020-10-28 | 1 | -1/+1 |
| | |||||
* | Update to 7.2.34 - http://www.php.net/releases/7_2_34.php | Remi Collet | 2020-09-30 | 2 | -13/+14 |
| | |||||
* | fix dates in changelog | Remi Collet | 2020-08-07 | 1 | -2/+2 |
| | |||||
* | Update to 7.2.33 - http://www.php.net/releases/7_2_33.php | Remi Collet | 2020-08-04 | 2 | -5/+6 |
| | |||||
* | Update to 7.2.32 (no change) | Remi Collet | 2020-07-08 | 4 | -8/+20 |
| | | | | display build system and provider in phpinfo (from 8.0) | ||||
* | rebuild using oniguruma5php | Remi Collet | 2020-06-09 | 2 | -4/+12 |
| | | | | build phpdbg only once | ||||
* | Update to 7.2.31 - http://www.php.net/releases/7_2_31.php | Remi Collet | 2020-05-12 | 3 | -297/+99 |
| | |||||
* | Update to 7.2.30 - http://www.php.net/releases/7_2_30.php | Remi Collet | 2020-04-15 | 2 | -2/+5 |
| | |||||
* | Update to 7.2.29 - http://www.php.net/releases/7_2_29.php | Remi Collet | 2020-03-17 | 2 | -3/+7 |
| | | | | use oracle client library version 19.6 (18.5 on EL-6) | ||||
* | Update to 7.2.28 - http://www.php.net/releases/7_2_28.php | Remi Collet | 2020-02-18 | 2 | -7/+6 |
| | |||||
* | Update to 7.2.27 - http://www.php.net/releases/7_2_27.php | Remi Collet | 2020-02-18 | 2 | -3/+7 |
| | |||||
* | - Update to 7.2.26 - http://www.php.net/releases/7_2_26.php | Remi Collet | 2019-12-17 | 2 | -3/+11 |
| | | | | - use oracle client library version 19.5 (18.5 on EL-6) | ||||
* | update to 7.2.26RC1 | Remi Collet | 2019-12-03 | 2 | -3/+6 |
| | |||||
* | Update to 7.2.25 - http://www.php.net/releases/7_2_25.php | Remi Collet | 2019-11-20 | 2 | -5/+6 |
| | |||||
* | update to 7.2.25RC1 | Remi Collet | 2019-11-05 | 2 | -8/+11 |
| | |||||
* | Update to 7.2.24 - http://www.php.net/releases/7_2_24.php | Remi Collet | 2019-10-22 | 2 | -5/+12 |
| | |||||
* | update to 7.2.24RC1 | Remi Collet | 2019-10-08 | 2 | -3/+6 |
| | |||||
* | Update to 7.2.23 - http://www.php.net/releases/7_2_23.php | Remi Collet | 2019-09-25 | 2 | -3/+9 |
| | |||||
* | add tarball signature check | Remi Collet | 2019-09-11 | 2 | -0/+527 |
| | |||||
* | v7.2.23RC1 | Remi Collet | 2019-09-11 | 3 | -42/+8 |
| | |||||
* | - Update to 7.2.22 - http://www.php.net/releases/7_2_22.php | Remi Collet | 2019-08-28 | 3 | -4/+46 |
| | | | | | - fix generator incorrectly reports non-releasable $this as GC child https://bugs.php.net/78412 | ||||
* | 7.2.22RC1 | Remi Collet | 2019-08-19 | 2 | -6/+7 |
| | |||||
* | Update to 7.2.21 - http://www.php.net/releases/7_2_21.php | Remi Collet | 2019-07-30 | 3 | -54/+8 |
| | |||||
* | - update to 7.2.21RC1 | Remi Collet | 2019-07-16 | 3 | -5/+58 |
| | | | | - add upstream patch for #78297 | ||||
* | - Update to 7.2.20 - http://www.php.net/releases/7_2_20.php | Remi Collet | 2019-07-02 | 2 | -11/+8 |
| | | | | - disable opcache.huge_code_pages in default configuration |