|
155 | 155 | <li>Implemented FR <?php bugl(72614); ?> (Support "nmake test" on building extensions by phpize).</li> |
156 | 156 | <li><?php bugfix(72641); ?> (phpize (on Windows) ignores PHP_PREFIX).</li> |
157 | 157 | <li>Fixed potential segfault in object storage freeing in shutdown sequence.</li> |
158 | | - <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).</li> |
159 | | - <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability).</li> |
| 158 | + <li><?php bugfix(72663); ?> (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7124)</li> |
| 159 | + <li><?php bugfix(72681); ?> (PHP Session Data Injection Vulnerability). (CVE-2016-7125)</li> |
160 | 160 | <li><?php bugfix(72683); ?> (getmxrr broken).</li> |
161 | | - <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one).</li> |
| 161 | + <li><?php bugfix(72742); ?> (memory allocator fails to realloc small block to large one). (CVE-2016-7133)</li> |
162 | 162 | </ul></li> |
163 | 163 | <li>Bz2: |
164 | 164 | <ul> |
|
177 | 177 | <ul> |
178 | 178 | <li><?php bugfix(71709); ?> (curl_setopt segfault with empty CURLOPT_HTTPHEADER).</li> |
179 | 179 | <li><?php bugfix(71929); ?> (CURLINFO_CERTINFO data parsing error).</li> |
180 | | - <li><?php bugfix(72674); ?> (Heap overflow in curl_escape).</li> |
| 180 | + <li><?php bugfix(72674); ?> (Heap overflow in curl_escape). (CVE-2016-7134)</li> |
181 | 181 | </ul></li> |
182 | 182 | <li>DOM: |
183 | 183 | <ul> |
|
186 | 186 | <li>EXIF: |
187 | 187 | <ul> |
188 | 188 | <li><?php bugfix(72735); ?> (Samsung picture thumb not read (zero size)).</li> |
189 | | - <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF).</li> |
| 189 | + <li><?php bugfix(72627); ?> (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)</li> |
190 | 190 | </ul></li> |
191 | 191 | <li>Filter: |
192 | 192 | <ul> |
|
204 | 204 | <li><?php bugfix(43828); ?> (broken transparency of imagearc for truecolor in blendingmode).</li> |
205 | 205 | <li><?php bugfix(66555); ?> (Always false condition in ext/gd/libgd/gdkanji.c).</li> |
206 | 206 | <li><?php bugfix(68712); ?> (suspicious if-else statements).</li> |
207 | | - <li><?php bugfix(72697); ?> (select_colors write out-of-bounds).</li> |
208 | | - <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access).</li> |
| 207 | + <li><?php bugfix(72697); ?> (select_colors write out-of-bounds). (CVE-2016-7126)</li> |
| 208 | + <li><?php bugfix(72730); ?> (imagegammacorrect allows arbitrary write access). (CVE-2016-7127)</li> |
209 | 209 | </ul></li> |
210 | 210 | <li>Intl: |
211 | 211 | <ul> |
|
283 | 283 | <ul> |
284 | 284 | <li><?php bugfix(72564); ?> (boolean always deserialized as "true").</li> |
285 | 285 | <li><?php bugfix(72142); ?> (WDDX Packet Injection Vulnerability in wddx_serialize_value()).</li> |
286 | | - <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access) (Stas)</li> |
287 | | - <li><?php bugfix(72750); ?> (wddx_deserialize null dereference).</li> |
288 | | - <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml).</li> |
289 | | - <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element).</li> |
| 286 | + <li><?php bugfix(72749); ?> (wddx_deserialize allows illegal memory access). (CVE-2016-7129)</li> |
| 287 | + <li><?php bugfix(72750); ?> (wddx_deserialize null dereference). (CVE-2016-7130)</li> |
| 288 | + <li><?php bugfix(72790); ?> (wddx_deserialize null dereference with invalid xml). (CVE-2016-7131)</li> |
| 289 | + <li><?php bugfix(72799); ?> (wddx_deserialize null dereference in php_wddx_pop_element). (CVE-2016-7132)</li> |
290 | 290 | </ul></li> |
291 | 291 | <li>Zip: |
292 | 292 | <ul> |
|
0 commit comments