5.6.23

Author: Julien Pauli

ChangeLog-5.php

@@ -7,6 +7,59 @@
 ?>
 
 <h1>PHP 5 ChangeLog</h1>
+<section class="version" id="5.6.23"><!-- {{{ 5.6.23 -->
+<h3>Version 5.6.23</h3>
+<b><?php release_date('23-Jun-2016'); ?></b>
+<ul><li>Core:
+<ul>
+  <li><?php bugfix(72275); ?> (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).</li>
+  <li><?php bugfix(72400); ?> (Integer Overflow in addcslashes/addslashes).</li>
+  <li><?php bugfix(72403); ?> (Integer Overflow in Length of String-typed ZVAL).</li>
+</ul></li>
+<li>GD:
+<ul>
+  <li><?php bugfix(72298); ?> (pass2_no_dither out-of-bounds access).</li>
+  <li><?php bugfix(72337); ?> (invalid dimensions can lead to crash).</li>
+  <li><?php bugfix(72339); ?> (Integer Overflow in _gd2GetHeader() resulting in heap overflow).</li>
+  <li><?php bugfix(72407); ?> (NULL Pointer Dereference at _gdScaleVert).</li>
+  <li><?php bugfix(72446); ?> (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow).</li>
+</ul></li>
+<li>Intl:
+<ul>
+  <li><?php bugfix(70484); ?> (selectordinal doesn't work with named parameters).</li>
+</ul></li>
+<li>mbstring:
+<ul>
+  <li><?php bugfix(72402); ?> (_php_mb_regex_ereg_replace_exec - double free).</li>
+</ul></li>
+<li>mcrypt:
+<ul>
+  <li><?php bugfix(72455); ?> (Heap Overflow due to integer overflows).</li>
+</ul></li>
+<li>OpenSSL:
+<ul>
+  <li><?php bugfix(72140); ?> (segfault after calling ERR_free_strings()).</li>
+</ul></li>
+<li>Phar:
+<ul>
+  <li><?php bugfix(72321); ?> (invalid free in phar_extract_file()).</li>
+</ul></li>
+<li>SPL:
+<ul>
+  <li><?php bugfix(72262); ?> (int/size_t confusion in SplFileObject::fread).</li>
+  <li><?php bugfix(72433); ?> (Use After Free Vulnerability in PHP's GC algorithm and unserialize).</li>
+</ul></li>
+<li>WDDX:
+<ul>
+  <li><?php bugfix(72340); ?> (Double Free Courruption in wddx_deserialize).</li>
+</ul></li>
+<li>zip:
+<ul>
+  <li><?php bugfix(72434); ?> (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize).</li>
+</ul></li>
+</ul>
+<!-- }}} --></section>
+
 <section class="version" id="5.6.22"><!-- {{{ 5.6.22 -->
 <h3>Version 5.6.22</h3>
 <b><?php release_date('26-May-2016'); ?></b>

archive/archive.xml

@@ -9,6 +9,7 @@
     <uri>http://php.net/contact</uri>
     <email>[email protected]</email>
   </author>
+  <xi:include href="entries/2016-06-23-2.xml"/>
   <xi:include href="entries/2016-06-23-1.xml"/>
   <xi:include href="entries/2016-06-15-1.xml"/>
   <xi:include href="entries/2016-06-09-1.xml"/>

archive/entries/2016-06-23-2.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+  <title>PHP 5.6.23 is released</title>
+  <id>http://php.net/archive/2016.php#id2016-06-23-2</id>
+  <published>2016-06-23T17:36:17+00:00</published>
+  <updated>2016-06-23T17:36:17+00:00</updated>
+  <category term="frontpage" label="PHP.net frontpage news"/>
+  <category term="releases" label="New PHP release"/>
+  <link href="http://php.net/index.php#id2016-06-23-2" rel="alternate" type="text/html"/>
+  <link href="http://php.net/archive/2016.php#id2016-06-23-2" rel="via" type="text/html"/>
+  <content type="xhtml">
+    <div xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP development team announces the immediate availability of PHP
+     5.6.23. Several bugs were fixed in this release, including security-related ones. 
+     
+     All PHP 5.6 users are encouraged to upgrade to this version.
+     </p>
+     
+     <p>For source downloads of PHP 5.6.23 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows source and binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.6.23">ChangeLog</a>.
+     </p>
+    </div>
+  </content>
+</entry>

include/releases.inc

@@ -293,6 +293,42 @@ $OLDRELEASES = array (
   ),
   5 => 
   array (
+    '5.6.22' => 
+    array (
+      'announcement' => 
+      array (
+        'English' => '/releases/5_6_22.php',
+      ),
+      'source' => 
+      array (
+        0 => 
+        array (
+          'filename' => 'php-5.6.22.tar.bz2',
+          'name' => 'PHP 5.6.22 (tar.bz2)',
+          'md5' => '2244754a50d0a5f07c20967d0c9e0b8d',
+          'sha256' => '90da8a80cc52fa699cf2bfa4c6fa737c772df7c92b81ef483460aa3b1e9f88c6',
+          'date' => '26 May 2016',
+        ),
+        1 => 
+        array (
+          'filename' => 'php-5.6.22.tar.gz',
+          'name' => 'PHP 5.6.22 (tar.gz)',
+          'md5' => 'e2aa4768b3eae84fefe914272eae8ecb',
+          'sha256' => '4ce0f58c3842332c4e3bb2ec1c936c6817294273abaa37ea0ef7ca2a68cf9b21',
+          'date' => '26 May 2016',
+        ),
+        2 => 
+        array (
+          'filename' => 'php-5.6.22.tar.xz',
+          'name' => 'PHP 5.6.22 (tar.xz)',
+          'md5' => '19a5bcbddc105dfb29482ab779fcc795',
+          'sha256' => 'c96980d7de1d66c821a4ee5809df0076f925b2fe0b8c362d234d92f2f0a178e2',
+          'date' => '26 May 2016',
+        ),
+      ),
+      'date' => '26 May 2016',
+      'museum' => false,
+    ),
     '5.6.21' => 
     array (
       'announcement' => 

include/version.inc

@@ -36,20 +36,20 @@ $PHP_7_0_SHA256     = array(
 );
 
 /* PHP 5.6 Release */
-$PHP_5_6_RC = '5.6.23RC1'; // Current RC version (e.g., '5.6.7RC1') or false
+$PHP_5_6_RC = false; // Current RC version (e.g., '5.6.7RC1') or false
 $PHP_5_6_RC_DATE = '09 Jun 2016';
 
-$PHP_5_6_VERSION         = "5.6.22";
-$PHP_5_6_DATE            = "26 May 2016";
+$PHP_5_6_VERSION         = "5.6.23";
+$PHP_5_6_DATE            = "23 Jun 2016";
 $PHP_5_6_MD5     = array(
-                       "tar.bz2"       => "2244754a50d0a5f07c20967d0c9e0b8d",
-                       "tar.gz"        => "e2aa4768b3eae84fefe914272eae8ecb",
-                       "tar.xz"        => "19a5bcbddc105dfb29482ab779fcc795",
+                       "tar.bz2"       => "147734b7e0164ebdd2dc18474fcfb309",
+                       "tar.gz"        => "5120140b7b3117e50807836a1869e250",
+                       "tar.xz"        => "c2d2155e50bcbaa0ee7a63845862c894",
 );
 $PHP_5_6_SHA256     = array(
-                       "tar.bz2"       => "90da8a80cc52fa699cf2bfa4c6fa737c772df7c92b81ef483460aa3b1e9f88c6",
-                       "tar.gz"        => "4ce0f58c3842332c4e3bb2ec1c936c6817294273abaa37ea0ef7ca2a68cf9b21",
-                       "tar.xz"        => "c96980d7de1d66c821a4ee5809df0076f925b2fe0b8c362d234d92f2f0a178e2",
+                       "tar.bz2"       => "facd280896d277e6f7084b60839e693d4db68318bfc92085d3dc0251fd3558c7",
+                       "tar.gz"        => "5f2274a13970887e8c81500c2afe292d51c3524d1a06554b0a87c74ce0a24ffe",
+                       "tar.xz"        => "39141e9a617af172aedbbacee7a63eb15502850f7cea20d759a9cffa7cfb0a1a",
 );
 /* PHP 5.5 Release */
 $PHP_5_5_RC =  false; // Current RC version (e.g., '5.6.7RC1') or false

releases/5_6_23.php

@@ -0,0 +1,20 @@
+<?php
+// $Id$
+$_SERVER['BASE_PAGE'] = 'releases/5_6_23.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
+site_header("PHP 5.6.23 Release Announcement");
+?>
+     <h1>PHP 5.6.23 Release Announcement</h1>
+
+     <p>The PHP development team announces the immediate availability of PHP
+     5.6.23. Several bugs were fixed in this release, including security-related ones. 
+     
+     All PHP 5.6 users are encouraged to upgrade to this version.
+     </p>
+     
+     <p>For source downloads of PHP 5.6.23 please visit our <a href="http://www.php.net/downloads.php">downloads page</a>,
+     Windows source and binaries can be found on <a href="http://windows.php.net/download/">windows.php.net/download/</a>.
+     The list of changes is recorded in the <a href="http://www.php.net/ChangeLog-5.php#5.6.23">ChangeLog</a>.
+     </p>
+
+<?php site_footer(); ?>