PHP

5.5.14

Released on 26 Jun 2014
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.5.14 Changelog
  • CLI server:
    • Fixed bug #67406 (built-in web-server segfaults on startup).
  • Core:
    • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases).
    • Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981).
    • Fixed bug #67399 (putenv with empty variable may lead to crash).
    • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    • Fixed BC break introduced by patch for bug #67072.
  • Date:
    • Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    • Fixed regression in fix for bug #67118 (constructor can't be called twice).
  • Fileinfo:
    • Fixed bug #67326 (cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)).
    • Fixed bug #67410 (mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478).
    • Fixed bug #67411 (cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479).
    • Fixed bug #67412 (cdf_count_chain insufficient boundary check). (CVE-2014-3480).
    • Fixed bug #67413 (cdf_read_property_info insufficient boundary check). (CVE-2014-3487).
  • Intl:
    • Fixed bug #67349 (Locale::parseLocale Double Free).
    • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
  • Network:
    • Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049)).
  • OPCache:
    • Fixed issue #183 (TMP_VAR is not only used once).
  • OpenSSL:
    • Fixed bug #65698 (certificates validity parsing does not work past 2050).
    • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
  • PDO-ODBC:
    • Fixed bug #50444 (PDO-ODBC changes for 64-bit).
  • SOAP:
    • Implemented FR #49898 (Add SoapClient::__getCookies()).
  • SPL:
    • Fixed bug #66127 (Segmentation fault with ArrayObject unset).
    • Fixed bug #67359 (Segfault in recursiveDirectoryIterator).
    • Fixed bug #67360 (Missing element after ArrayObject::getIterator).
    • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515).