Subject: CVS commit: pkgsrc/lang
From: Takahiro Kambe
Date: 2019-12-21 08:02:15
Message id: 20191221070215.8E40AFA97@cvs.NetBSD.org
Log Message:
lang/php72: update to 7.2.26

Update php73 to 7.2.26, including security fixes.

19 Dec 2019, PHP 7.2.26

- Bcmath:
  . Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
    (cmb)

- Core:
  . Fixed bug #78862 (link() silently truncates after a null byte on Windows).
    (CVE-2019-11044). (cmb)
  . Fixed bug #78863 (DirectoryIterator class silently truncates after a null
    byte). (CVE-2019-11045). (cmb)

- EXIF:
  . Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer).
    (CVE-2019-11050). (Nikita)
  . Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
    (Nikita)

- GD:
  . Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb)

- Intl:
  . Fixed bug #78804 (Segmentation fault in Locale::filterMatches). (Stas)

- OPcache:
  . Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
    (Tyson Andre)

- Standard:
  . Fixed bug #78759 (array_search in $GLOBALS). (Nikita)
  . Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
    (cmb)
  . Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
    (cmb)
Files:
RevisionActionfile
1.50modifypkgsrc/lang/php72/distinfo