Commit a58ea19

Update NEWS for 7.1.0beta1
1 parent 6c3ed91 commit a58ea19

1 file changed

+41
-0
lines changed

NEWS

Lines changed: 41 additions & 0 deletions
@@ -27,17 +27,33 @@ PHP NEWS
2727
the constructor). (Dmitry)
2828
. Implemented RFC: RNG Fixes. (Leigh)
2929
. Implemented email validation as per RFC 6531. (Leo Feyer, Anatol)
30+
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
31+
virtual_file_ex). (Stas)
32+
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries
33+
and applications). (Stas)
34+
35+
- bz2:
36+
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
3037

3138
- COM:
3239
. Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)
3340

41+
- Curl:
42+
. Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas)
43+
3444
- Date:
3545
. Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails
3646
parsing). (derick)
3747

3848
- DOM:
3949
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
4050

51+
- Exif:
52+
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
53+
(Stas)
54+
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
55+
(Stas)
56+
4157
- Filter:
4258
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
4359
range). (bugs dot php dot net at majkl578 dot cz)
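Review bot: The Core entry for #72573 names the problem ("HTTP_PROXY is improperly trusted by some PHP libraries and applications") but not what PHP itself now does differently, so a reader cannot tell whether code that reads that variable needs to be rechecked after upgrading; add a short clause describing the behaviour change. Also in this hunk, the Curl entry for #72541 reads "size_t overflow lead to heap corruption", which should be "leads to".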
@@ -52,10 +68,19 @@ PHP NEWS
5268
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
5369
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
5470
blendingmode). (cmb)
71+
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
72+
access). (Pierre)
73+
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
74+
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
75+
(Pierre)
76+
. Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine
77+
overflow). (Pierre)
78+
. Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre)
5579

5680
- Intl:
5781
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
5882
names). (cmb)
83+
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
5984

6085
- Mbstring:
6186
. Deprecated mb_ereg_replace() eval option. (Rouven Weßling, cmb)
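Review bot: Typo in the added GD entry for #72482: "Ilegal write/read access caused by gdImageAALine overflow" should read "Illegal write/read access". NEWS text is searched and copied into release announcements, so the misspelling is worth fixing before the beta is tagged.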
@@ -64,6 +89,8 @@ PHP NEWS
6489

6590
- MCrypt:
6691
. Deprecated ext/mcrypt. (Scott Arciszewski, cmb)
92+
. Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to
93+
heap overflow in mdecrypt_generic). (Stas)
6794

6895
- Opcache:
6996
. Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
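Review bot: The added MCrypt entry has two wording errors: "In correct casting from size_t to int lead to heap overflow in mdecrypt_generic" should read "Incorrect casting from size_t to int leads to heap overflow in mdecrypt_generic". The entry also folds #72551 and #72552 into one line; if they were fixed by separate changes, one line per bug would match the other entries in this file.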
@@ -104,6 +131,14 @@ PHP NEWS
104131
- Wddx:
105132
. Fixed bug #72564 (boolean always deserialized as "true") (Remi)
106133

134+
- XMLRPC:
135+
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn
136+
simplestring.c). (Stas)
137+
138+
- Zip:
139+
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
140+
php_stream_zip_opener). (Stas)
141+
107142
07 Jul 2016, PHP 7.1.0alpha3
108143

109144
- Core:
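Review bot: The XMLRPC entry for #72606 is a bare fragment: "heap-buffer-overflow (write) simplestring_addn simplestring.c" has nothing tying the function and file to the bug class. Suggest "Heap buffer overflow (write) in simplestring_addn (simplestring.c)", which follows the "... in <function>" form that the Zip entry for #72520 added just below it already uses.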
@@ -209,11 +244,17 @@ PHP NEWS
209244
. An invalid setting for session.hash_function will throw an instance of
210245
Error instead of resulting in a fatal error when a session ID is created.
211246
(Aaron Piotrowski)
247+
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
248+
Deserialization). (Stas)
212249

213250
- SimpleXML:
214251
. Creating an unnamed or duplicate attribute will throw an instance of Error
215252
instead of resulting in a fatal error. (Aaron Piotrowski)
216253

254+
- SNMP:
255+
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
256+
unserialize()). (Stas)
257+
217258
- SPL:
218259
. Attempting to clone an SplDirectory object will throw an instance of Error
219260
instead of resulting in a fatal error. (Aaron Piotrowski)
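Review bot: The two use-after-free entries added here (#72562 and the new SNMP section for #72479) sit at new lines 247 to 256, below the "07 Jul 2016, PHP 7.1.0alpha3" header that the previous hunk shows at new line 142, so they land in a section for a release that is already out rather than in the 7.1.0beta1 section the commit message names. If these fixes first ship in beta1, move them up beside the other additions so that anyone reading the beta1 section to decide on an upgrade sees them.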
