Commit: 5d61a19b1699b09241dde57e0a41c5d0e858df80 Author: Lior Kaplan <[email protected]> Thu, 28 Apr 2016 04:14:54 +0300 Parents: 146e8d5c796cee3523df0937bc37d026f5242287 Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=5d61a19b1699b09241dde57e0a41c5d0e858df80 Log: Add CVE for #70014 (PHP 5.4.44, 5.5.28, 5.6.12 and 7.0.0) Bugs: https://bugs.php.net/70014 Changed paths: M ChangeLog-5.php M ChangeLog-7.php Diff: diff --git a/ChangeLog-5.php b/ChangeLog-5.php index 6cdb7a3..1e23b96 100644 --- a/ChangeLog-5.php +++ b/ChangeLog-5.php @@ -637,7 +637,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change <li>OpenSSL: <ul> <li><?php bugfix(69882); ?> (OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert).</li> - <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure).</li> + <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)</li> </ul></li> <li>Phar: <ul> @@ -674,7 +674,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change </ul></li> <li>OpenSSL: <ul> - <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure).</li> + <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)</li> </ul></li> <li>Phar: <ul> @@ -706,7 +706,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change </ul></li> <li>OpenSSL: <ul> - <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure).</li> + <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)</li> </ul></li> <li>Phar: <ul> diff --git a/ChangeLog-7.php b/ChangeLog-7.php index 3affb30..dee90fb 100644 --- a/ChangeLog-7.php +++ b/ChangeLog-7.php @@ -762,7 +762,7 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change <li><?php bugfix(70395); ?> (Missing ARG_INFO for openssl_seal()).</li> <li><?php bugfix(60632); ?> (openssl_seal fails with AES).</li> <li>Implemented FR <?php bugl(70438); ?> (Add IV parameter for openssl_seal and openssl_open).</li> - <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure).</li> + <li><?php bugfix(70014); ?> (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)</li> <li><?php bugfix(69882); ?> (OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert).</li> <li>Added "alpn_protocols" SSL context option allowing encrypted client/server streams to negotiate alternative protocols using the ALPN TLS extension when built against OpenSSL 1.0.2 or newer. Negotiated protocol information is accessible through stream_get_meta_data() output.</li> <li>Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic detection or the "peer_name" option instead.</li> -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
