#6711: php-5.6.11
-------------------------+-------------------------
Reporter: fo | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: high | Milestone: 7.8
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-------------------------
Notice:
s/tar.bz2/tar.xz/
Also it was once recommended, but I don't know if it is still true:
s/http/https/
Security:
[https://bugs.php.net/bug.php?id=69669]
'''mysqlnd allows downgrade to non-SSL connection even if SSL was
requested'''
Also see:
[http://www.securityweek.com/mysql-ssltls-connections-risk-due-backronym-flaw]
'''MySQL, Oracle’s relational database management system, is plagued by a
vulnerability that can be exploited to downgrade SSL/TLS connections,
according to researchers at Duo Security.'''
[https://www.php.net/distributions/php-5.6.11.tar.xz]
[https://secure.php.net/downloads.php]
md5: a0c842c1d30fedbe972e1556ae9cee27
[https://www.php.net/distributions/php-5.6.11.tar.xz.asc]
[https://php.net/ChangeLog-5.php#5.6.11]
{{{
Version 5.6.11
10 Jul 2015
• Core:
• Fixed bug #69768 (escapeshell*() doesn't cater to !).
• Fixed bug #69703 (Use __builtin_clzl on PowerPC).
• Fixed bug #69732 (can induce segmentation fault with basic php
code).
• Fixed bug #69642 (Windows 10 reported as Windows 8).
• Fixed bug #69551 (parse_ini_file() and parse_ini_string()
segmentation fault).
• Fixed bug #69781 (phpinfo() reports Professional Editions of
Windows 7/8/8.1/10 as "Business").
• Fixed bug #69740 (finally in generator (yield) swallows
exception in iteration).
• Fixed bug #69835 (phpinfo() does not report many Windows
SKUs).
• Fixed bug #69892 (Different arrays compare indentical due to
integer key truncation).
• Fixed bug #69874 (Can't set empty additional_headers for
mail()), regression from fix to bug #68776.
• GD:
• Fixed bug #61221 (imagegammacorrect function loses alpha
channel).
• GMP:
• Fixed bug #69803 (gmp_random_range() modifies second parameter
if GMP number).
• Mysqlnd:
• Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM)
(CVE-2015-3152).
• PCRE:
• Fixed bug #53823 (preg_replace: * qualifier on unicode replace
garbles the string).
• Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
• PDO_pgsql:
• Fixed bug #69752 (PDOStatement::execute() leaks memory with
DML Statements when closeCuror() is u).
• Fixed bug #69362 (PDO-pgsql fails to connect if password
contains a leading single quote).
• Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array
with gaps).
• SimpleXML:
• Refactored the fix for bug #66084 (simplexml_load_string()
mangles empty node name).
• SPL:
• Fixed bug #69737 (Segfault when SplMinHeap::compare produces
fatal error).
• Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian
Gustavo Veiga).
• Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()).
• Sqlite3:
• Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()).
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6711>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch