| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
CVE-2024-2756
Fix password_verify can erroneously return true opening ATO risk
CVE-2024-3096
|
|
|
|
|
|
|
|
| |
CVE-2023-0567
fix #81746: 1-byte array overrun in common path resolve code
CVE-2023-0568
fix DOS vulnerability when parsing multipart request body
CVE-2023-0662
|
|
|
|
|
| |
Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
CVE-2020-7070
|
|
|
|
|
|
|
|
| |
Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar
CVE-2020-7060
standard:
Fix #79099 OOB read in php_strip_tags_ex
CVE-2020-7059
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix #78878 Buffer underflow in bc_shift_addsub
CVE-2019-11046
- core:
Fix #78862 link() silently truncates after a null byte on Windows
CVE-2019-11044
Fix #78863 DirectoryIterator class silently truncates after a null byte
CVE-2019-11045
- exif
Fix #78793 Use-after-free in exif parsing under memory sanitizer
CVE-2019-11050
Fix #78910 Heap-buffer-overflow READ in exif
CVE-2019-11047
- use oracle client library version 19.5 (18.5 on EL-6)
|
| |
|
|
|
|
|
|
|
| |
- mbstring:
Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe
- pcre:
Fix #75457 heap use-after-free in pcrelib
|
|
|
|
|
|
|
|
|
| |
Fix #78256 heap-buffer-overflow on exif_process_user_comment
CVE-2019-11042
Fix #78222 heap-buffer-overflow on exif_scan_thumbnail
CVE-2019-11041
- phar:
Fix #77919 Potential UAF in Phar RSHUTDOWN
|
|
|
|
|
|
|
|
|
|
| |
Fix #78069 Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
CVE-2019-11039
- exif:
Fix #77988 Heap-buffer-overflow on php_jpg_get16
CVE-2019-11040
- sqlite3:
Fix #77967 Bypassing open_basedir restrictions via file uris
|
|
|
|
|
| |
Fix #77950 Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
CVE-2019-11036
|
|
|
|
|
|
|
| |
Fix #77753 Heap-buffer-overflow in php_ifd_get32s
Fix #77831 Heap-buffer-overflow in exif_iif_add_value
- sqlite3:
Added sqlite3.defensive INI directive
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix #77369 memcpy with negative length via crafted DNS response
- mbstring:
Fix #77370 buffer overflow on mb regex functions - fetch_token
Fix #77371 heap buffer overflow in mb regex functions compile_string_node
Fix #77381 heap buffer overflow in multibyte match_at
Fix #77382 heap buffer overflow in expand_case_fold_string
Fix #77385 buffer overflow in fetch_token
Fix #77394 buffer overflow in multibyte case folding - unicode
Fix #77418 heap overflow in utf32be_mbc_to_code
- phar:
Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext
- xmlrpc:
Fix #77242 heap out of bounds read in xmlrpc_decode
Fix #77380 global out of bounds read in xmlrpc base64 code
|
|
|
|
| |
use oracle client library version 18.3
|
| |
|
| |
|
|
|
|
| |
use systemd RuntimeDirectory instead of /etc/tmpfiles.d
|
|
|
|
| |
FPM: update default pool configuration for process.dumpable
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
oci8 version is now 2.1.8
|
| |
|
| |
|
| |
|
|
|
|
| |
oci8 version is now 2.1.7
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|