PHP 5 ChangeLog

10 Jan 2019

GD:
- Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
- Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
Mbstring:
- Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
- Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
- Fixed bug #77381 (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
- Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
- Fixed bug #77385 (buffer overflow in fetch_token). (CVE-2019-9023)
- Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
- Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
Phar:
- Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
Xmlrpc:
- Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
- Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)

06 Dec 2018

Core:
- Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
IMAP:
- Fixed bug #77020 (null pointer dereference in imap_mail).
- Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
Phar:
- Fixed bug #77022 (PharData always creates new files with mode 0666).
- Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)

13 Sep 2018

Apache2:
- Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)

19 Jul 2018

Exif:
- Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
- Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
Win32:
- Fixed bug #76459

💦 FULL SET: ChangeLog .php - Collection