PHP Security und Bugfix Release 7.4.5 – 7.3.17 und 7.2.30

Die freie Skript- / Programmiersprache, PHP, erhielt für die Zweige 7.4, 7.3 und 7.2 ein Security Update sowie einige Bugfixes.

PHP 7.4.5 Release Notes

• Core:
  • Fixed bug #79364 (When copy empty array, next key is unspecified).
  • Fixed bug #78210 (Invalid pointer address).
• CURL:
  • Fixed bug #79199 (curl_copy_handle() memory leak).
• Date:
  • Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
  • Fixed bug #74940 (DateTimeZone loose comparison always true).
• FPM:
  • Implement request #77062 (Allow numeric [UG]ID in FPM listen.{owner,group}) (Andre Nathan)
• Iconv:
  • Fixed bug #79200 (Some iconv functions cut Windows-1258).
• OPcache:
  • Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
• Session:
  • Fixed bug #79413 (session_create_id() fails for active sessions).
• Shmop:
  • Fixed bug #79427 (Integer Overflow in shmop_open()).
• SimpleXML:
  • Fixed bug #61597 (SXE properties may lack attributes and content).
• SOAP:
  • Fixed bug #79357 (SOAP request segfaults when any request parameter is missing).
• Spl:
  • Fixed bug #75673 (SplStack::unserialize() behavior).
  • Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
• Standard:
  • Fixed bug #79330 (shell_exec() silently truncates after a null byte).
  • Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
  • Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
• Zip:
  • Fixed bug #79296 (ZipArchive::open fails on empty file).
  • Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).

PHP 7.3.17 Release Notes

• Core:
  • Fixed bug #79364 (When copy empty array, next key is unspecified).
  • Fixed bug #78210 (Invalid pointer address).
• CURL:
  • Fixed bug #79199 (curl_copy_handle() memory leak).
• Date:
  • Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
• Iconv:
  • Fixed bug #79200 (Some iconv functions cut Windows-1258).
• OPcache:
  • Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
• Session:
  • Fixed bug #79413 (session_create_id() fails for active sessions).
• Shmop:
  • Fixed bug #79427 (Integer Overflow in shmop_open()).
• SimpleXML:
  • Fixed bug #61597 (SXE properties may lack attributes and content).
• Spl:
  • Fixed bug #75673 (SplStack::unserialize() behavior).
  • Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
• Standard:
  • Fixed bug #79330 (shell_exec() silently truncates after a null byte).
  • Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
  • Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
• Zip:
  • Fixed bug #79296 (ZipArchive::open fails on empty file).
  • Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).

PHP 7.2.30 Release Notes

Standard:

• Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
• Fixed bug #79330 (shell_exec() silently truncates after a null byte).
• Fixed bug #79465 (OOB Read in urldecode()).