Commit: 0731bb2d1952a577b31bce6e69681ae554ef47fb Author: Lior Kaplan <[email protected]> Wed, 9 Sep 2015 13:54:25 +0300 Parents: 879ecdd1aa3491fea407f18b88867ba41c62e85e Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=0731bb2d1952a577b31bce6e69681ae554ef47fb Log: Add shared CVE for #70172, #70365 and #70366 (PHP 5.4.45, 5.5.29, 5.6.13) Bugs: https://bugs.php.net/70172 https://bugs.php.net/70365 https://bugs.php.net/70366 Changed paths: M ChangeLog-5.php Diff: diff --git a/ChangeLog-5.php b/ChangeLog-5.php index 05eabfb..0c4ac66 100644 --- a/ChangeLog-5.php +++ b/ChangeLog-5.php @@ -16,7 +16,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change <li><?php bugfix(69900); ?> (Too long timeout on pipes).</li> <li><?php bugfix(69487); ?> (SAPI may truncate POST data).</li> <li><?php bugfix(70198); ?> (Checking liveness does not work as expected).</li> - <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()).</li> + <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()). (CVE-2105-6834)</li> <li><?php bugfix(70219); ?> (Use after free vulnerability in session deserializer). (CVE-2015-6835)</li> </ul></li> <li>CLI server: @@ -58,8 +58,8 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change <ul> <li><?php bugfix(70290); ?> (Null pointer deref (segfault) in spl_autoload via ob_start).</li> <li><?php bugfix(70303); ?> (Incorrect constructor reflection for ArrayObject).</li> - <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li> - <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li> + <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)</li> + <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)</li> </ul></li> <li>Standard: <ul> @@ -82,7 +82,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change <?php release_date('03-Sep-2015'); ?> <ul><li>Core: <ul> - <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()).</li> + <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()). (CVE-2105-6834)</li> <li><?php bugfix(70219); ?> (Use after free vulnerability in session deserializer). (CVE-2015-6835)</li> </ul></li> <li>EXIF: @@ -103,8 +103,8 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change </ul></li> <li>SPL: <ul> - <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li> - <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li> + <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)</li> + <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)</li> </ul></li> <li>XSLT: <ul> @@ -122,7 +122,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change <b><?php release_date('03-Sep-2015'); ?></b> <ul><li>Core: <ul> - <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()).</li> + <li><?php bugfix(70172); ?> (Use After Free Vulnerability in unserialize()). (CVE-2105-6834)</li> <li><?php bugfix(70219); ?> (Use after free vulnerability in session deserializer). (CVE-2015-6835)</li> </ul></li> <li>EXIF: @@ -143,8 +143,8 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change </ul></li> <li>SPL: <ul> - <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li> - <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li> + <li><?php bugfix(70365); ?> (Use-after-free vulnerability in unserialize() with SplObjectStorage). (CVE-2015-6834)</li> + <li><?php bugfix(70366); ?> (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (CVE-2015-6834)</li> </ul></li> <li>XSLT: <ul> -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
