Dimitris 52 Report post Posted October 15, 2016 Version 7.0.12 13 Oct 2016 Core: Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). Fixed bug #73058 (crypt broken when salt is 'too' long). Fixed bug #69579 (Invalid free in extension trait). Fixed bug #73156 (segfault on undefined function). Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value). Fixed bug #73172 (parse error: Invalid numeric literal). Fixed bug #73240 (Write out of bounds at number_format). Fixed bug #73147 (Use After Free in PHP7 unserialize()). Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). BCmath: Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex). COM: Fixed bug #73126 (Cannot pass parameter 1 by reference). Date: Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation). DOM: Fixed bug #73150 (missing NULL check in dom_document_save_html). Filter: Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). Fixed bug #73054 (default option ignored when object passed to int filter). GD: Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette). Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending). Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box). Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files). Fixed bug #73161 (imagecreatefromgd2() may leak memory). Intl: Fixed bug #73218 (add mitigation for ICU int overflow). Mbstring: Fixed bug #66797 (mb_substr only takes 32-bit signed integer). Fixed bug #66964 (mb_convert_variables() cannot detect recursion). Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset). Mysqlnd: Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data). Opcache: Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function). OpenSSL: Fixed bug #73072 (Invalid path SNI_server_certs causes segfault). Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). Fixed bug #73275 (crash in openssl_encrypt function). PCRE: Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390). Fixed bug #73174 (heap overflow in php_pcre_replace_impl). PDO_DBlib: Fixed bug #72414 (Never quote values as raw binary data). Allow \PDO::setAttribute() to set query timeouts. Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. Add common PDO test suite. Free error and message strings when cleaning up PDO instances. Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched). Ignore potentially misleading dberr values. phpdbg: Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD). Fixed next command not stopping when leaving function. Session: Fixed bug #68015 (Session does not report invalid uid for files save handler). Fixed bug #73100 (session_destroy null dereference in ps_files_path_create). SimpleXML: Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()). SOAP: Fixed bug #71711 (Soap Server Member variables reference bug). Fixed bug #71996 (Using references in arrays doesn't work like expected). SPL: Fixed bug #73257, Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key). SQLite3: Updated bundled SQLite3 to 3.14.2. Zip: Fixed bug #70752 (Depacking with wrong password leaves 0 length files). Quote Share this post Link to post Share on other sites
