
Die Entwickler der Skriptsprache PHP, haben heute Updates für die aktuellen Zweige 7.4, 7.3 und 7.2 veröffentlicht. Diese beheben Sicherheitsprobleme und entfernt diverse Fehler.
PHP 7.4.1 Release Notes
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
- Core:
- Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044).
- Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
- Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049).
- Fixed bug #78810 (RW fetches do not throw “uninitialized property” exception).
- Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
- Fixed bug #78296 (is_file fails to detect file).
- Fixed bug #78883 (fgets(STDIN) fails on Windows).
- Fixed bug #78898 (call_user_func([‘parent’, …]) fails while other succeed).
- Fixed bug #78904 (Uninitialized property triggers __get()).
- Fixed bug #78926 (Segmentation fault on Symfony cache:clear).
- GD:
- EXIF:
- FPM:
- Intl:
- Implemented FR #78912 (INTL Support for accounting format).
- Mysqlnd:
- Fixed bug #78823 (ZLIB_LIBS not added to EXTRA_LIBS).
- OPcache:
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- Fixed bug #78935 (Preloading removes classes that have dependencies).
- PCRE:
- Fixed bug #78853 (preg_match() may return integer > 1).
- Reflection:
- Fixed bug #78895 (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is not longer used).
- Standard:
PHP 7.3.12 Release Notes
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
- Core:
- Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
- Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
- Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
- Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
- Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
- Fixed bug #78296 (is_file fails to detect file).
- EXIF:
- GD:
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
- MBString:
- Upgraded bundled Oniguruma to 6.9.4.
- OPcache:
- Fixed potential ASLR related invalid opline handler issues.
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- PCRE:
- Fixed bug #78853 (preg_match() may return integer > 1).
- Standard:
- Fixed bug #78759 (array_search in $GLOBALS).
- Fixed bug #77638 (var_export’ing certain class instances segfaults).
- Fixed bug #78840 (imploding $GLOBALS crashes).
- Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
- Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
PHP 7.2.26 Release Notes
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
- Core:
- EXIF:
- GD:
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
- Intl:
- Fixed bug #78804 (Segmentation fault in Locale::filterMatches).
- OPcache:
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- Standard:
Quelle: https://www.php.net/
Antworten