php-5.6.23-Win32-VC11-x64

PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 23 Jun 2016, PHP 5.6.23 - Core: . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()). (Stas) . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas) . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) - GD: . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas) . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre) . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre) - Intl: . Fixed bug #70484 (selectordinal doesn't work with named parameters). (Anatol) - mbstring: . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas) - mcrypt: . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas) - Phar: . Fixed bug #72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com) - SPL: . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas) . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry) - OpenSSL: . Fixed bug #72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka) - WDDX: . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas) - zip: . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry) 26 May 2016, PHP 5.6.22 - Core: . Fixed bug #72172 (zend_hex_strtod should not use strlen). (bwitz at hotmail dot com ) . Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (Stas) . Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas) - GD: . Fixed bug #72227 (imagescale out-of-bounds read). (Stas) - Intl . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol) . Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas) - Postgres: . Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol) 28 Apr 2016, PHP 5.6.21 - Core: . Fixed bug #69537 (__debugInfo with empty string for key gives error). (krakjoe) . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence) - BCmath: . Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas) - Curl: . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). (Michael Sierks) - Date: . Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week). (Derick) . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt) - EXIF: . Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas) - GD: . Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas) . Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074) (Stas) - Intl: . Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (Stas) - OCI8: . Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column). (Chris Jones) - ODBC: . Fixed bug #63171 (Script hangs after max_execution_time). (Remi) - Opcache: . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). (Laruence) - PDO: . Fixed bug #52098 (Own PDOStatement implementation ignore __call()). (Daniel Kalaspuffar, Julien) . Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo) - Postgres: . Fixed bug #71820 (pg_fetch_object binds parameters before call constructor). (Anatol) - SPL: . Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()). (Nikita) - Standard: . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence) . Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined). (Nikita) - XML: . Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas) 31 Mar 2016, PHP 5.6.20 - CLI Server: . Fixed bug #69953 (Support MKCALENDAR request method). (Christoph) - Core: . Fixed bug #71596 (Segmentation fault on ZTS with date function (setlocale)). (Anatol) - Curl: . Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw) - Date: . Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt) - Fileinfo: . Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865) (Anatol) - Mbstring: . Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073) (Stas) - ODBC: . Fixed bug #47803, #69526 (Executing prepared statements is succesfull only for the first two statements). (einavitamar at gmail dot com, Anatol) . Fixed bug #71860 (Invalid memory write in phar on filename with \0 in name). (CVE-2016-4072) (Stas) - PDO_DBlib: . Fixed bug #54648 (PDO::MSSQL forces format of datetime fields). (steven dot lambeth at gmx dot de, Anatol) - Phar: . Fixed bug #71625 (Crash in php7.dll with bad phar filename). (Anatol) . Fixed bug #71504 (Parsing of tar file with duplicate filenames causes memory leak). (Jos Elstgeest) - SNMP: . Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (CVE-2016-4071) (andrew at jmpesp dot org) - Standard: . Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070) (taoguangchen at icloud dot com, Stas) 03 Mar 2016, PHP 5.6.19 - CLI server: . Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug). (Johannes, Anatol) - CURL: . Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec). (Laruence) - Date: . Fixed bug #68078 (Datetime comparisons ignore microseconds). (Willem-Jan Zijderveld) . Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues). (Sean DuBois) - Fileinfo: . Fixed bug #71434 (finfo throws notice for specific python file). (Laruence) - FPM: . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup). (Matt Haught, Remi) - Opcache: . Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache). (Yussuf Khalil) - PDO MySQL: . Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita) - Phar: . Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()). (Stas) - Standard: . Fixed bug #70720 (strip_tags improper php code parsing). (Julien) - WDDX: . Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize). (Stas) - XSL: . Fixed bug #71540 (NULL pointer dereference in xsl_ext_function_php()). (Stas) - Zip: . Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence) 04 Feb 2016, PHP 5.6.18 - Core: . Fixed bug #71039 (exec functions ignore length but look for NULL termination). (Anatol) . Fixed bug #71089 (No check to duplicate zend_extension). (Remi) . Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol) . Added support for new HTTP 451 code. (Julien) . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). (Anatol) . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). (Leo Gaspard) . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas) - Apache2handler: . Fix >2G Content-Length headers in apache2handler. (Adam Harvey) - FTP: . Imp