Friday, June 24, 2016

PHP 5.5.37 is released

PHP 5.5.37 is released, is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world.



PHP 5.5.37 ChangeLog

  • Core:
    • Fixed bug #72268 (Integer Overflow in nl2br()).
    • Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).
    • Fixed bug #72400 (Integer Overflow in addcslashes/addslashes).
    • Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL).
  • GD:
    • Fixed bug #66387 (Stack overflow with imagefilltoborder) (CVE-2015-8874).
    • Fixed bug #72298 (pass2_no_dither out-of-bounds access).
    • Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow).
    • Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert).
    • Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow).
  • mbstring:
    • Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free).
  • mcrypt:
    • Fixed bug #72455 (Heap Overflow due to integer overflows).
  • SPL:
    • Fixed bug #72262 (int/size_t confusion in SplFileObject::fread).
    • Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize).
  • WDDX:
    • Fixed bug #72340 (Double Free Courruption in wddx_deserialize).
  • zip:
    • Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize).
Download: PHP 5.5.37 is released

No comments:

Post a Comment