PHP Security und Bugfix Release 7.2.34 – 7.3.23 und 7.4.11

PHP Logo
PHP Logo

Das PHP Entwicklerteam hat vor kurzem Updates für die PHP Zweige 7.2, 7.3 und 7.4 veröffentlicht. Dies sind Sicherheitsupdates mit einigen Bugfixes.

PHP 7.4.11 Release Notes

  • Core:
    • Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
    • Fixed bug #79979 (passing value to by-ref param via CUFA crashes).
    • Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared).
    • Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
    • Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
  • Calendar:
    • Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
  • COM:
    • Fixed bug #64130 (COM obj parameters passed by reference are not updated).
  • OPcache:
    • Fixed bug #80002 (calc free space for new interned string is wrong).
    • Fixed bug #80046 (FREE for SWITCH_STRING optimized away).
    • Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
  • OpenSSL:
    • Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
  • PDO:
    • Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
  • SOAP:
    • Fixed bug #47021 (SoapClient stumbles over WSDL delivered with “Transfer-Encoding: chunked”).
  • Standard:
    • Fixed bug #79986 (str_ireplace bug with diacritics characters).
    • Fixed bug #80077 (getmxrr test bug).
    • Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
    • Fixed bug #80067 (Omitting the port in bindto setting errors).

Quelle: https://www.php.net/ChangeLog-7.php#7.4.11

PHP 7.3.23 Release Notes

  • Core:
    • Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
    • Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
    • Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
  • Calendar:
    • Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
  • COM:
    • Fixed bug #64130 (COM obj parameters passed by reference are not updated).
  • OPcache:
    • Fixed bug #80002 (calc free space for new interned string is wrong).
    • Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
  • OpenSSL:
    • Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
  • PDO:
    • Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
  • SOAP:
    • Fixed bug #47021 (SoapClient stumbles over WSDL delivered with “Transfer-Encoding: chunked”).
  • Standard:
    • Fixed bug #79986 (str_ireplace bug with diacritics characters).
    • Fixed bug #80077 (getmxrr test bug).
    • Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
    • Fixed bug #80067 (Omitting the port in bindto setting errors).

Quelle: https://www.php.net/ChangeLog-7.php#7.3.23

PHP 7.2.34 Release Notes

  • Core:
    • Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
  • OpenSSL:
    • Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)

Quelle: https://www.php.net/ChangeLog-7.php#7.2.34

Ersten Kommentar schreiben

Antworten

Deine E-Mail-Adresse wird nicht veröffentlicht.


*


Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.