Changelog for
php70-php-debuginfo-7.0.33-25.fc31.remi.x86_64.rpm :
* Wed Feb 03 2021 Remi Collet
- 7.0.33-25- Fix #80672 Null Dereference in SoapClient CVE-2021-21702- better fix for #77423
* Mon Jan 04 2021 Remi Collet - 7.0.33-24- Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo CVE-2020-7071
* Tue Sep 29 2020 Remi Collet - 7.0.33-23- Core: Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent CVE-2020-7070
* Tue Aug 04 2020 Remi Collet - 7.0.33-22- Core: Fix #79877 getimagesize function silently truncates after a null byte- Phar: Fix #79797 use of freed hash key in the phar_parse_zipfile function CVE-2020-7068
* Tue May 12 2020 Remi Collet - 7.0.33-21- Core: Fix #78875 Long filenames cause OOM and temp files are not cleaned CVE-2019-11048 Fix #78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned
* Tue Apr 14 2020 Remi Collet - 7.0.33-20- standard: Fix #79330 shell_exec silently truncates after a null byte Fix #79465 OOB Read in urldecode CVE-2020-7067
* Tue Mar 17 2020 Remi Collet - 7.0.33-19- standard: Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066- exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064- use oracle client library version 19.6 (18.5 on EL-6)
* Tue Feb 18 2020 Remi Collet - 7.0.33-18- dom: Fix #77569 Write Access Violation in DomImplementation- phar: Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions CVE-2020-7063- session: Fix #79221 Null Pointer Dereference in PHP Session Upload Progress CVE-2020-7062
* Thu Jan 23 2020 Remi Collet - 7.0.33-17- mbstring: Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060- standard: Fix #79099 OOB read in php_strip_tags_ex CVE-2020-7059
* Tue Dec 17 2019 Remi Collet - 7.0.33-15- bcmath: Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046- core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045- exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047- use oracle client library version 19.5 (18.5 on EL-6)
* Tue Oct 22 2019 Remi Collet - 7.0.33-14- FPM: Fix CVE-2019-11043 env_path_info underflow in fpm_main.c
* Wed Aug 28 2019 Remi Collet - 7.0.33-13- mbstring: Fix CVE-2019-13224 don\'t allow different encodings for onig_new_deluxe- pcre: Fix #75457 heap use-after-free in pcrelib
* Tue Jul 30 2019 Remi Collet - 7.0.33-12- exif: Fix #78256 heap-buffer-overflow on exif_process_user_comment CVE-2019-11042 Fix #78222 heap-buffer-overflow on exif_scan_thumbnail CVE-2019-11041- phar: Fix #77919 Potential UAF in Phar RSHUTDOWN
* Tue Jul 02 2019 Remi Collet - 7.0.33-11- use oracle client library version 19.3- disable opcache.huge_code_pages in default configuration
* Tue May 28 2019 Remi Collet - 7.0.33-9- iconv: Fix #78069 Out-of-bounds read in iconv.c:_php_iconv_mime_decode() CVE-2019-11039- exif: Fix #77988 Heap-buffer-overflow on php_jpg_get16 CVE-2019-11040- sqlite3: Fix #77967 Bypassing open_basedir restrictions via file uris
* Tue Apr 30 2019 Remi Collet - 7.0.33-8- exif: Fix #77950 Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG CVE-2019-11036
* Tue Apr 02 2019 Remi Collet - 7.0.33-7- exif: Fix #77753 Heap-buffer-overflow in php_ifd_get32s CVE-2019-11034 Fix #77831 Heap-buffer-overflow in exif_iif_add_value CVE-2019-11035- sqlite3: Added sqlite3.defensive INI directive
* Fri Mar 15 2019 Remi Collet - 7.0.33-6- Fix #76846 Segfault in shutdown function after memory limit error
* Tue Mar 05 2019 Remi Collet - 7.0.33-5- Fix #77630 rename() across the device may allow unwanted access during processing CVE-2019-9637
* Mon Mar 04 2019 Remi Collet - 7.0.33-4- exif: Fix #77509 Uninitialized read in exif_process_IFD_in_TIFF CVE-2019-9641 Fix #77540 Invalid Read on exif_process_SOFn CVE-2019-9640 Fix #77563 Uninitialized read in exif_process_IFD_in_MAKERNOTE CVE-2019-9638 Fix #77659 Uninitialized read in exif_process_IFD_in_MAKERNOTE CVE-2019-9639- phar: Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename Fix #77586 - phar_tar_writeheaders_int() buffer overflow- spl: Fix #77431 openFile() silently truncates after a null byte