Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 | Remi Collet | 2022-09-27 | 1 | -9/+20 |
| | | | | | | core: fix #81727 Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629 use oracle client library version 21.7 | ||||
* | use oracle client library version 21.6 | Remi Collet | 2022-06-07 | 1 | -9/+13 |
| | | | | | mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 | ||||
* | Fix #79971 special character is breaking the path in xml function | Remi Collet | 2021-11-15 | 1 | -1/+7 |
| | | | | CVE-2021-21707 | ||||
* | fix PHP-FPM oob R/W in root process leading to priv escalation | Remi Collet | 2021-10-20 | 1 | -5/+12 |
| | | | | | | CVE-2021-21703 use libicu version 69 use oracle client library version 21.3 | ||||
* | fix intl build on F35 | Remi Collet | 2021-09-07 | 1 | -1/+6 |
| | |||||
* | Fix #81211 Symlinks are followed when creating PHAR archive | Remi Collet | 2021-08-25 | 1 | -1/+6 |
| | |||||
* | Fix #81122 SSRF bypass in FILTER_VALIDATE_URL | Remi Collet | 2021-06-28 | 1 | -3/+16 |
| | | | | | | | | | CVE-2021-21705 Fix #76448 Stack buffer overflow in firebird_info_cb Fix #76449 SIGSEGV in firebird_handle_doer Fix #76450 SIGSEGV in firebird_stmt_execute Fix #76452 Crash while parsing blob data in firebird_fetch_blob CVE-2021-21704 | ||||
* | fix snmp extension build with net-snmp without DES | Remi Collet | 2021-05-27 | 1 | -1/+7 |
| | |||||
* | Fix #80710 imap_mail_compose() header injection | Remi Collet | 2021-04-28 | 1 | -17/+9 |
| | | | | use oracle client library version 21.1 | ||||
* | Fix #80672 Null Dereference in SoapClient | Remi Collet | 2021-02-03 | 1 | -1/+8 |
| | | | | | CVE-2021-21702 better fix for #77423 | ||||
* | Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo | Remi Collet | 2021-01-04 | 1 | -3/+11 |
| | | | | CVE-2020-7071 | ||||
* | Core: | Remi Collet | 2020-09-29 | 1 | -6/+14 |
| | | | | | | | | | Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent CVE-2020-7070 OpenSSL: Fix #79601 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7069 Fix bug #78079 openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c | ||||
* | F33 build | Remi Collet | 2020-08-20 | 1 | -0/+11 |
| | |||||
* | Core: | Remi Collet | 2020-08-04 | 1 | -1/+12 |
| | | | | | | | Fix #79877 getimagesize function silently truncates after a null byte Phar: Fix #79797 use of freed hash key in the phar_parse_zipfile function CVE-2020-7068 | ||||
* | Core: | Remi Collet | 2020-05-12 | 1 | -1/+12 |
| | | | | | | | Fix #78875 Long filenames cause OOM and temp files are not cleaned CVE-2019-11048 Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned | ||||
* | standard: | Remi Collet | 2020-04-14 | 1 | -1/+11 |
| | | | | | | Fix #79330 shell_exec silently truncates after a null byte Fix #79465 OOB Read in urldecode CVE-2020-7067 | ||||
* | standard: | Remi Collet | 2020-03-17 | 1 | -2/+15 |
| | | | | | | | | | Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066 exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064 use oracle client library version 19.6 (18.5 on EL-6) | ||||
* | Renew openssl certs | Remi Collet | 2020-02-18 | 1 | -0/+5 |
| | |||||
* | dom: | Remi Collet | 2020-02-18 | 1 | -1/+17 |
| | | | | | | | | | | Fix #77569 Write Access Violation in DomImplementation phar: Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063 session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062 | ||||
* | rebuild with 1 more fix | Remi Collet | 2020-01-23 | 1 | -2/+3 |
| | |||||
* | mbstring: | Remi Collet | 2020-01-21 | 1 | -1/+17 |
| | | | | | | | | | | Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060 session: Fix #79091 heap use-after-free in session_create_id standard: Fix #79099 OOB read in php_strip_tags_ex CVE-2020-7059 | ||||
* | - bcmath: | Remi Collet | 2019-12-17 | 1 | -2/+45 |
| | | | | | | | | | | | | | | | | Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6) | ||||
* | Update to 7.1.33 - http://www.php.net/releases/7_1_33.php | Remi Collet | 2019-10-23 | 1 | -1/+4 |
| | |||||
* | Update to 7.1.32 - http://www.php.net/releases/7_1_32.php | Remi Collet | 2019-08-28 | 1 | -1/+4 |
| | |||||
* | Update to 7.1.31 - http://www.php.net/releases/7_1_31.php | Remi Collet | 2019-07-31 | 1 | -2/+5 |
| | |||||
* | disable opcache.huge_code_pages in default configuration | Remi Collet | 2019-07-02 | 1 | -5/+3 |
| | |||||
* | use oracle client library version 19.3 | Remi Collet | 2019-06-17 | 1 | -2/+12 |
| | |||||
* | v7.1.30 | Remi Collet | 2019-05-28 | 1 | -2/+5 |
| | |||||
* | Update to 7.1.29 - http://www.php.net/releases/7_1_29.php | Remi Collet | 2019-05-01 | 1 | -1/+8 |
| | |||||
* | Update to 7.1.28 - http://www.php.net/releases/7_1_28.php | Remi Collet | 2019-04-02 | 1 | -3/+4 |
| | |||||
* | ensure php-devel pulls needed lilbraries from php-config output | Remi Collet | 2019-03-29 | 1 | -0/+6 |
| | |||||
* | Update to 7.1.27 - http://www.php.net/releases/7_1_27.php | Remi Collet | 2019-03-06 | 1 | -3/+8 |
| | | | | add upstream patch for OpenSSL 1.1.1b | ||||
* | cleanup for EL-8 | Remi Collet | 2019-01-18 | 1 | -10/+18 |
| | |||||
* | Update to 7.1.26 - http://www.php.net/releases/7_1_26.php | Remi Collet | 2019-01-09 | 1 | -4/+5 |
| | |||||
* | Fix null pointer dereference in imap_mail CVE-2018-19935 | Remi Collet | 2018-12-08 | 1 | -1/+6 |
| | |||||
* | Update to 7.1.25 - http://www.php.net/releases/7_1_25.php | Remi Collet | 2018-12-05 | 1 | -1/+4 |
| | |||||
* | v7.1.25RC1 | Remi Collet | 2018-11-22 | 1 | -6/+7 |
| | |||||
* | test build for https://github.com/php/php-src/pull/3666 | Remi Collet | 2018-11-15 | 1 | -1/+6 |
| | |||||
* | Update to 7.1.24 - http://www.php.net/releases/7_1_24.php | Remi Collet | 2018-11-07 | 1 | -2/+7 |
| | |||||
* | FPM: add getallheaders, backported from 7.3 | Remi Collet | 2018-10-25 | 1 | -1/+7 |
| | |||||
* | 7.1.24RC1 | Remi Collet | 2018-10-24 | 1 | -3/+6 |
| | |||||
* | Update to 7.1.23 - http://www.php.net/releases/7_1_23.php | Remi Collet | 2018-10-10 | 1 | -1/+4 |
| | |||||
* | update to 7.1.23RC1 | Remi Collet | 2018-09-29 | 1 | -5/+7 |
| | | | | use oracle client library version 18.3 | ||||
* | Update to 7.1.22 - http://www.php.net/releases/7_1_22.php | Remi Collet | 2018-09-11 | 1 | -1/+6 |
| | |||||
* | v7.1.22RC1 | Remi Collet | 2018-08-30 | 1 | -2/+5 |
| | |||||
* | Update to 7.1.21 - http://www.php.net/releases/7_1_21.php | Remi Collet | 2018-08-15 | 1 | -1/+4 |
| | |||||
* | add NCSA and PostgreSQL to License | Remi Collet | 2018-07-20 | 1 | -1/+4 |
| | |||||
* | Update to 7.1.20 - http://www.php.net/releases/7_1_20.php | Remi Collet | 2018-07-20 | 1 | -1/+4 |
| | |||||
* | v7.1.20RC1 | Remi Collet | 2018-07-06 | 1 | -2/+5 |
| | |||||
* | Update to 7.1.19 - http://www.php.net/releases/7_1_19.php | Remi Collet | 2018-06-21 | 1 | -1/+4 |
| |