Path to this page:
Subject: CVS commit: pkgsrc/lang
From: Takahiro Kambe
Date: 2019-12-21 08:02:15
Message id: 20191221070215.8E40AFA97@cvs.NetBSD.org
Log Message:
lang/php72: update to 7.2.26
Update php73 to 7.2.26, including security fixes.
19 Dec 2019, PHP 7.2.26
- Bcmath:
. Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
(cmb)
- Core:
. Fixed bug #78862 (link() silently truncates after a null byte on Windows).
(CVE-2019-11044). (cmb)
. Fixed bug #78863 (DirectoryIterator class silently truncates after a null
byte). (CVE-2019-11045). (cmb)
- EXIF:
. Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer).
(CVE-2019-11050). (Nikita)
. Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
(Nikita)
- GD:
. Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb)
- Intl:
. Fixed bug #78804 (Segmentation fault in Locale::filterMatches). (Stas)
- OPcache:
. Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
(Tyson Andre)
- Standard:
. Fixed bug #78759 (array_search in $GLOBALS). (Nikita)
. Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
(cmb)
. Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
(cmb)
Files: