Skip to content

Commit 6bd5277

Browse files
kaplanliorkaplanlior
committed
Add CVE info for PHP 5.6.23
1 parent 02c24be commit 6bd5277

File tree

1 file changed

+17
-13
lines changed

1 file changed

+17
-13
lines changed

NEWS

Lines changed: 17 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -45,42 +45,46 @@ PHP NEWS
4545
. Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
4646
(cmb)
4747
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
48-
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
48+
. Fixed bug #72337 (invalid dimensions can lead to crash). (Pierre)
4949
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
50-
heap overflow). (Pierre)
50+
heap overflow). (CVE-2016-5766) (Pierre)
5151
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
5252
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
53-
in heap overflow). (Pierre)
53+
in heap overflow). (CVE-2016-5767) (Pierre)
5454

5555
- Intl:
5656
. Fixed bug #70484 (selectordinal doesn't work with named parameters).
5757
(Anatol)
5858

5959
- mbstring:
60-
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
60+
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free).
61+
(CVE-2016-5768) (Stas)
6162

6263
- mcrypt:
63-
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
64+
. Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
65+
(Stas)
66+
67+
- OpenSSL:
68+
. Fixed bug #72140 (segfault after calling ERR_free_strings()).
69+
(Jakub Zelenka)
6470

6571
- Phar:
6672
. Fixed bug #72321 (invalid free in phar_extract_file()).
6773
(hji at dyntopia dot com)
6874

6975
- SPL:
70-
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
76+
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread).
77+
(CVE-2016-5770) (Stas)
7178
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
72-
unserialize). (Dmitry)
73-
74-
- OpenSSL:
75-
. Fixed bug #72140 (segfault after calling ERR_free_strings()).
76-
(Jakub Zelenka)
79+
unserialize). (CVE-2016-5771) (Dmitry)
7780

7881
- WDDX:
79-
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
82+
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize).
83+
(CVE-2016-5772) (Stas)
8084

8185
- zip:
8286
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
83-
algorithm and unserialize). (Dmitry)
87+
algorithm and unserialize). (CVE-2016-5773) (Dmitry)
8488

8589
26 May 2016, PHP 5.6.22
8690

0 commit comments

Comments
 (0)