PHP 5.6.39 -7.0.33 – 7.1.25 und 7.2.13 als Security Release veröffentlicht

Die Scriptsprache PHP wurde vor ein paar Tagen aktualisiert. Die Zweige 5.6, 7.0, 7.1 und 7.2 erhielten ein Sicherheitsupdate. Nachfolgend die Änderungen.

PHP 7.2.13 Release Notes

• ftp:
  • Fixed bug #77151 (ftp_close(): SSL_read on shutdown).
• CLI:
  • Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters).
• Fileinfo:
  • Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)).
• iconv:
  • Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
• Core:
  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
• IMAP:
  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
• ODBC:
  • Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
• Opcache:
  • Fixed bug #77058 (Type inference in opcache causes side effects).
  • Fixed bug #77092 (array_diff_key() – segmentation fault).
• Phar:
  • Fixed bug #77022 (PharData always creates new files with mode 0666).
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
• PGSQL:
  • Fixed bug #77047 (pg_convert has a broken regex for the ‘TIME WITHOUT TIMEZONE’ data type).
• SOAP:
  • Fixed bug #50675 (SoapClient can’t handle object references correctly).
  • Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault).
  • Fixed bug #77141 (Signedness issue in SOAP when precision=-1).
• Sockets:
  • Fixed bug #67619 (Validate length on socket_write).

PHP 7.1.25 Release Notes

• Core:
  • Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
• ftp:
  • Fixed bug #77151 (ftp_close(): SSL_read on shutdown).
• iconv:
  • Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
• IMAP:
  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
• ODBC:
  • Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
• Opcache:
  • Fixed bug #77058 (Type inference in opcache causes side effects).
• Phar:
  • Fixed bug #77022 (PharData always creates new files with mode 0666).
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
• PGSQL:
  • Fixed bug #77047 (pg_convert has a broken regex for the ‘TIME WITHOUT TIMEZONE’ data type).
• SOAP:
  • Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault).
  • Fixed bug #77141 (Signedness issue in SOAP when precision=-1).
• Sockets:
  • Fixed bug #67619 (Validate length on socket_write).

PHP 7.0.33 Release Notes

• Core:
  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
• IMAP:
  • Fixed bug #77020 (null pointer dereference in imap_mail).
  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
• Phar:
  • Fixed bug #77022 (PharData always creates new files with mode 0666).
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).

PHP 5.6.39 Release Notes

• Core:
  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
• IMAP:
  • Fixed bug #77020 (null pointer dereference in imap_mail).
  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
• Phar:
  • Fixed bug #77022 (PharData always creates new files with mode 0666).
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).