Skip to content

Conversation

pull[bot]
Copy link

@pull pull bot commented Oct 13, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

nielsdos and others added 11 commits October 13, 2025 21:02
…) fails

Obvious memleak, but can also cause a UAF depending on destruction
ordering with lingering PCRE regex instances in the SPL objects.

Closes GH-20157.
* PHP-8.3:
  phar: Fix memleak+UAF when opening temp stream in buildFromDirectory() fails
* PHP-8.4:
  phar: Fix memleak+UAF when opening temp stream in buildFromDirectory() fails
* PHP-8.5:
  phar: Fix memleak+UAF when opening temp stream in buildFromDirectory() fails
* Add extra checks to Phar::mungServer()

* [ci skip] NEWS/UPGRADING
* PHP-8.3:
  Fix shm corruption with coercion in options of unserialize()
* PHP-8.4:
  Fix shm corruption with coercion in options of unserialize()
* PHP-8.5:
  Fix shm corruption with coercion in options of unserialize()
This is done by parsing this as 2 arguments with variadics that are never actually parsed
@pull pull bot locked and limited conversation to collaborators Oct 13, 2025
@pull pull bot added the ⤵️ pull label Oct 13, 2025
@pull pull bot merged commit 6cb2122 into wudi:master Oct 13, 2025
9 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants