#7332: php-7.0.2
-------------------------+-------------------------
 Reporter:  fo           |      Owner:  blfs-book@…
     Type:  enhancement  |     Status:  new
 Priority:  high         |  Milestone:  7.9
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-------------------------
 == Fixes Include 6 Security Related Issues ==

 [http://www.php.net/distributions/php-7.0.2.tar.xz]

 [http://www.php.net/distributions/php-7.0.2.tar.xz.asc]

 [https://secure.php.net/downloads.php]

 md5: ce5964672e4ec0b66ff088a6bafde8c7

 [https://secure.php.net/archive/2016.php]

 {{{
 PHP 7.0.2 Released
 07 Jan 2016

 The PHP development team announces the immediate availability of PHP
 7.0.2. 31 reported bugs have been fixed, including 6 security related
 issues. All PHP 7.0 users are encouraged to upgrade to this version.

 For source downloads of PHP 7.0.2 please visit our downloads page,
 Windows source and binaries can be found on windows.php.net/download/.
 The list of changes is recorded in the ChangeLog.
 }}}

 [https://secure.php.net/ChangeLog-7.php]

 {{{
 PHP 7 ChangeLog
 Version 7.0.2
 07 Jan 2016

  • Core:
    ◦ Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
    ◦ Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls).
    ◦ Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work).
    ◦ Fixed bug #71092 (Segmentation fault with return type hinting).
    ◦ Fixed bug memleak in header_register_callback.
    ◦ Fixed bug #71067 (Local object in class method stays in memory for
      each call).
    ◦ Fixed bug #66909 (configure fails utf8_to_mutf7 test).
    ◦ Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
    ◦ Fixed bug #71089 (No check to duplicate zend_extension).
    ◦ Fixed bug #71086 (Invalid numeric literal parse error within
      highlight_string() function).
    ◦ Fixed bug #71154 (Incorrect HT iterator invalidation causes
      iterator reuse).
    ◦ Fixed bug #52355 (Negating zero does not produce negative zero).
    ◦ Fixed bug #66179 (var_export() exports float as integer).
    ◦ Fixed bug #70804 (Unary add on negative zero produces positive
      zero).
  • CURL:
    ◦ Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
  • DBA:
    ◦ Fixed key leak with invalid resource.
  • Filter:
    ◦ Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work).
  • FTP:
    ◦ Implemented FR #55651 (Option to ignore the returned FTP PASV
      address).
  • FPM:
    ◦ Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
  • GD:
    ◦ Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array
      Index Out of Bounds).
  • Mbstring:
    ◦ Fixed bug #71066 (mb_send_mail: Program terminated with signal
      SIGSEGV, Segmentation fault).
  • Opcache:
    ◦ Fixed bug #71127 (Define in auto_prepend_file is overwritten).
  • PCRE:
    ◦ Fixed bug #71178 (preg_replace with arrays creates [0] in replace
      array if not already set).
  • Readline:
    ◦ Fixed bug #71094 (readline_completion_function corrupts static
      array on second TAB).
  • Session:
    ◦ Fixed bug #71122 (Session GC may not remove obsolete session data).
  • SPL:
    ◦ Fixed bug #71077 (ReflectionMethod for ArrayObject constructor
      returns wrong number of parameters).
    ◦ Fixed bug #71153 (Performance Degradation in ArrayIterator with
      large arrays).
  • Standard:
    ◦ Fixed bug #71270 (Heap Buffer Overflow in escapeshell functions).
  • WDDX:
    ◦ Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet
      Deserialization).
    ◦ Fixed bug #70741 (Session WDDX Packet Deserialization Type
      Confusion Vulnerability).
  • XMLRPC:
    ◦ Fixed bug #70728 (Type Confusion Vulnerability in
      PHP_to_XMLRPC_worker).
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/7332>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch