PHP

5.5.23

Released on 19 Mar 2015
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.5.23 Changelog
  • Core:
    • Fixed bug #69174 (leaks when unused inner class use traits precedence).
    • Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
    • Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build).
    • Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
    • Fixed bug #69017 (Fail to push to the empty array with the constant value defined in class scope).
    • Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
    • Fixed bug #68166 (Exception with invalid character causes segv).
    • Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
    • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
    • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
    • Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
  • CGI:
    • Fixed bug #69015 (php-cgi's getopt does not see $argv).
  • CLI:
    • Fixed bug #67741 (auto_prepend_file messes up __LINE__).
  • cURL:
    • Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
    • Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
  • Ereg:
    • Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
  • FPM:
    • Fixed bug #68822 (request time is reset too early).
  • ODBC:
    • Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
  • Opcache:
    • Fixed bug #69125 (Array numeric string as key).
    • Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
  • OpenSSL:
  • pgsql:
    • Fixed bug #68638 (pg_update() fails to store infinite values).
  • Readline:
    • Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters).
  • SOAP:
    • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
  • SPL:
    • Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage).
    • Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
  • ZIP:
    • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)