PHP

5.6.7

Released on 19 Mar 2015
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.6.7 Changelog
  • Core:
    • Fixed bug #69174 (leaks when unused inner class use traits precedence).
    • Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
    • Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build).
    • Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
    • Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
    • Fixed bug #68166 (Exception with invalid character causes segv).
    • Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
    • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-2787)
    • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
    • Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
  • CGI:
    • Fixed bug #69015 (php-cgi's getopt does not see $argv).
  • CLI:
    • Fixed bug #67741 (auto_prepend_file messes up __LINE__).
  • cURL:
    • Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
    • Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
  • Ereg:
    • Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (CVE-2015-2305)
  • FPM:
    • Fixed bug #68822 (request time is reset too early).
  • ODBC:
    • Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
  • Opcache:
    • Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function).
    • Fixed bug #69125 (Array numeric string as key).
    • Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
  • OpenSSL:
    • Fixed bug #68912 (Segmentation fault at openssl_spki_new).
    • Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts).
    • Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey)
    • Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey)
    • Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
    • Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
    • Fixed bug #69195 (Inconsistent stream crypto values across versions) (Daniel Lowrey)
  • pgsql:
    • Fixed bug #68638 (pg_update() fails to store infinite values).
  • Readline:
    • Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters).
  • SOAP:
    • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
  • SPL:
    • Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage).
    • Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
  • ZIP:
    • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)