Commit: 8a3145fee280134cd4466d99f0cbd897695aec99 Author: Lior Kaplan <kaplanl...@gmail.com> Wed, 25 Jan 2017 01:43:33 +0200 Parents: 610a8865c0ea29055b6ef42c83445ae35a676b35 Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=8a3145fee280134cd4466d99f0cbd897695aec99 Log: Add CVE ID to bugs #73825 (PHP 5.6.30, 7.0.15 and 7.1.1) and #73831 (PHP 7.0.15 and 7.1.1) Bugs: https://bugs.php.net/73825 https://bugs.php.net/73831 Changed paths: M ChangeLog-5.php M ChangeLog-7.php Diff: diff --git a/ChangeLog-5.php b/ChangeLog-5.php index 8711969..44f2910 100644 --- a/ChangeLog-5.php +++ b/ChangeLog-5.php @@ -38,7 +38,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change <li>Standard: <ul> <li><?php bugfix(70213); ?> (Unserialize context shared on double class lookup).</li> - <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()).</li> + <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li> </ul></li> </ul> <!-- }}} --></section> diff --git a/ChangeLog-7.php b/ChangeLog-7.php index 4d6ffc3..6912a55 100644 --- a/ChangeLog-7.php +++ b/ChangeLog-7.php @@ -16,8 +16,8 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change <li><?php bugfix(73663); ?> ("Invalid opcode 65/16/8" occurs with a variable created with list()).</li> <li><?php bugfix(73585); ?> (Logging of "Internal Zend error - Missing class information" missing class name).</li> <li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li> - <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()).</li> - <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object).</li> + <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li> + <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li> <li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()).</li> <li><?php bugfix(73092); ?> (Unserialize use-after-free when resizing object's properties hash table).</li> <li><?php bugfix(69425); ?> (Use After Free in unserialize()).</li> @@ -114,8 +114,8 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change <li><?php bugfix(73727); ?> (ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h).</li> <li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li> <li><?php bugfix(73783); ?> (SIG_IGN doesn't work when Zend Signals is enabled).</li> - <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()).</li> - <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object).</li> + <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li> + <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li> <li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()).</li> </ul> </li> -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
