Skip to content

Commit 1234971

Browse files
bukkabukka
committed
Update NEWS with security fixes info
1 parent 7cf6791 commit 1234971

File tree

1 file changed

+27
-3
lines changed

1 file changed

+27
-3
lines changed

NEWS

Lines changed: 27 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,12 @@
11
PHP NEWS
22
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3-
?? ??? ????, PHP 8.3.14
3+
21 Now 2024, PHP 8.3.14
44

5-
- Cli:
5+
- CLI:
66
. Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server
77
started through shebang). (ilutov)
8+
. Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
9+
Processing in CLI SAPI Interface). (nielsdos)
810

911
- COM:
1012
. Fixed out of bound writes to SafeArray data. (cmb)
@@ -79,10 +81,18 @@ PHP NEWS
7981
. Fixed segfaults and other issues related to operator overloading with
8082
GMP objects. (Girgias)
8183

84+
- LDAP:
85+
. Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
86+
(nielsdos)
87+
8288
- MBstring:
8389
. Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
8490
(David Carlier)
8591

92+
- MySQLnd:
93+
. Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through
94+
heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka)
95+
8696
- Opcache:
8797
. Fixed bug GH-16408 (Array to string conversion warning emitted in
8898
optimizer). (ilutov)
@@ -95,7 +105,15 @@ PHP NEWS
95105
. Fix various memory leaks on error conditions in openssl_x509_parse().
96106
(nielsdos)
97107

98-
- PDO_ODBC:
108+
- PDO DBLIB:
109+
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
110+
OOB writes). (CVE-2024-11236) (nielsdos)
111+
112+
- PDO Firebird:
113+
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
114+
causing OOB writes). (CVE-2024-11236) (nielsdos)
115+
116+
- PDO ODBC:
99117
. Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb)
100118

101119
- Phar:
@@ -141,6 +159,12 @@ PHP NEWS
141159
. Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with
142160
bail enabled). (ilutov)
143161

162+
- Streams:
163+
. Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
164+
might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
165+
. Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
166+
convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)
167+
144168
- SysVMsg:
145169
. Fixed bug GH-16592 (msg_send() crashes when a type does not properly
146170
serialized). (David Carlier / cmb)

0 commit comments

Comments
 (0)