
Commit b9da410

Add CVE IDs for PHP 5.5.38 and 5.6.24
1 parent 43ebae8 commit b9da410


1 file changed

+26
-26
lines changed


ChangeLog-5.php

Lines changed: 26 additions & 26 deletions
@@ -141,20 +141,20 @@
141141
<li><?php bugfix(71936); ?> (Segmentation fault destroying HTTP_RAW_POST_DATA).</li>
142142
<li><?php bugfix(72496); ?> (Cannot declare public method with signature incompatible with parent private method).</li>
143143
<li><?php bugfix(72138); ?> (Integer Overflow in Length of String-typed ZVAL).</li>
144-
<li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex).</li>
145-
<li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization).</li>
146-
<li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications).</li>
144+
<li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)</li>
145+
<li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization). (CVE-2016-6290)</li>
146+
<li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)</li>
147147
</ul></li>
148148
<li>bz2:
149149
<ul>
150-
<li><?php bugfix(72447); ?> (Type Confusion in php_bz2_filter_create()). (gogil at stealien dot com).</li>
151-
<li><?php bugfix(72613); ?> (Inadequate error handling in bzread()).</li>
150+
<li><?php bugfix(72447); ?> (Type Confusion in php_bz2_filter_create()).</li>
151+
<li><?php bugfix(72613); ?> (Inadequate error handling in bzread()). (CVE-2016-5399)</li>
152152
</ul></li>
153153
<li>EXIF:
154154
<ul>
155155
<li><?php bugfix(50845); ?> (exif_read_data() returns corrupted exif headers).</li>
156-
<li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE).</li>
157-
<li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment).</li>
156+
<li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)</li>
157+
<li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)</li>
158158
</ul></li>
159159
<li>GD:
160160
<ul>
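Review bot: The bz2 entry for bug 72447 loses its "(gogil at stealien dot com)" credit, which is unrelated to the stated purpose of adding CVE IDs and is not mentioned in the commit message. If the removal is intentional, say so in the message or split it into its own commit. As it stands the 72447 line changes without gaining a CVE tag while its neighbour 72613 does, so a reader scanning the diff can mistake it for a tagged entry.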
@@ -163,15 +163,15 @@
163163
<li><?php bugfix(64641); ?> (imagefilledpolygon doesn't draw horizontal line).</li>
164164
<li><?php bugfix(72512); ?> (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</li>
165165
<li><?php bugfix(72519); ?> (imagegif/output out-of-bounds access).</li>
166-
<li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()).</li>
166+
<li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)</li>
167167
</ul></li>
168168
<li>Intl:
169169
<ul>
170-
<li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access).</li>
170+
<li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)</li>
171171
</ul></li>
172172
<li>ODBC:
173173
<ul>
174-
<li><?php bugfix(69975); ?> (PHP segfaults when accessing nvarchar(max) defined columns)</li>
174+
<li><?php bugfix(69975); ?> (PHP segfaults when accessing nvarchar(max) defined columns). (CVE-2015-8879)</li>
175175
</ul></li>
176176
<li>OpenSSL:
177177
<ul>
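Review bot: In the GD list only 72558 gains a CVE tag, while the context lines for 72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access) and 72519 (imagegif/output out-of-bounds access) stay untagged even though both read as memory-safety fixes. Worth confirming whether IDs were assigned for those two and, if so, adding them in the same pass. The ODBC entry for 69975 takes CVE-2015-8879, the only 2015-series ID in this commit, so please double-check it against the bug report. The trailing period added on that line is a welcome consistency fix.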
@@ -180,7 +180,7 @@
180180
</ul></li>
181181
<li>SNMP:
182182
<ul>
183-
<li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()).</li>
183+
<li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)</li>
184184
</ul></li>
185185
<li>SPL:
186186
<ul>
@@ -196,11 +196,11 @@
196196
</ul></li>
197197
<li>Xmlrpc:
198198
<ul>
199-
<li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c).</li>
199+
<li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)</li>
200200
</ul></li>
201201
<li>Zip:
202202
<ul>
203-
<li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener).</li>
203+
<li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)</li>
204204
</ul></li>
205205
</ul>
206206
<!-- }}} --></section>
@@ -210,45 +210,45 @@
210210
<b><?php release_date('21-Jul-2016'); ?></b>
211211
<ul><li>BZip2:
212212
<ul>
213-
<li><?php bugfix(72613); ?> (Inadequate error handling in bzread()).</li>
213+
<li><?php bugfix(72613); ?> (Inadequate error handling in bzread()). (CVE-2016-5399)</li>
214214
</ul></li>
215215
<li>Core:
216216
<ul>
217-
<li><?php bugfix(70480); ?> (php_url_parse_ex() buffer overflow read).</li>
218-
<li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex).</li>
219-
<li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization).</li>
220-
<li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications).</li>
217+
<li><?php bugfix(70480); ?> (php_url_parse_ex() buffer overflow read). (CVE-2016-6288)</li>
218+
<li><?php bugfix(72513); ?> (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)</li>
219+
<li><?php bugfix(72562); ?> (Use After Free in unserialize() with Unexpected Session Deserialization). (CVE-2016-6290)</li>
220+
<li><?php bugfix(72573); ?> (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)</li>
221221
</ul></li>
222222
<li>EXIF:
223223
<ul>
224-
<li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE).</li>
225-
<li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment).</li>
224+
<li><?php bugfix(72603); ?> (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)</li>
225+
<li><?php bugfix(72618); ?> (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)</li>
226226
</ul></li>
227227
<li>GD:
228228
<ul>
229229
<li><?php bugfix(72512); ?> (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</li>
230230
<li><?php bugfix(72519); ?> (imagegif/output out-of-bounds access).</li>
231-
<li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()).</li>
231+
<li><?php bugfix(72558); ?> (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)</li>
232232
</ul></li>
233233
<li>Intl:
234234
<ul>
235-
<li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access).</li>
235+
<li><?php bugfix(72533); ?> (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)</li>
236236
</ul></li>
237237
<li>ODBC:
238238
<ul>
239-
<li><?php bugfix(69975); ?> (PHP segfaults when accessing nvarchar(max) defined columns)</li>
239+
<li><?php bugfix(69975); ?> (PHP segfaults when accessing nvarchar(max) defined columns). (CVE-2015-8879)</li>
240240
</ul></li>
241241
<li>SNMP:
242242
<ul>
243-
<li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()).</li>
243+
<li><?php bugfix(72479); ?> (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)</li>
244244
</ul></li>
245245
<li>Xmlrpc:
246246
<ul>
247-
<li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c).</li>
247+
<li><?php bugfix(72606); ?> (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)</li>
248248
</ul></li>
249249
<li>Zip:
250250
<ul>
251-
<li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener).</li>
251+
<li><?php bugfix(72520); ?> (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)</li>
252252
</ul></li>
253253
</ul>
254254
<!-- }}} --></section>
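Review bot: Bug 70480 (php_url_parse_ex() buffer overflow read) is tagged CVE-2016-6288 in this hunk's Core list, but no 70480 entry appears in the Core lines shown in the first hunk, so this diff does not show whether the other release section lists that bug and, if it does, whether it carries the same ID. The other mappings here are hand-copied duplicates of the ones above (72513, 72562, 72573, 72613 and so on) and agree in the visible lines, but a scripted cross-check of bug number to CVE ID between the two sections would guard against a transposed digit. The section heading also differs between the two lists ("bz2:" above, "BZip2:" here), which makes that comparison harder to automate.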
