New upstream version 5.4.37upstream/5.4.37

author: Ondřej Surý <ondrej@sury.org> 2015-01-26 11:35:34 +0100
committer: Ondřej Surý <ondrej@sury.org> 2015-01-26 11:35:34 +0100
commit: 37df7e2d1076497e3295648878d39f5bceb8c4e1 (patch)
tree: dbfd5d31f8a296d4cce366a0106bf500ca15c9f5 /NEWS
parent: d69b64eedc8c3c75da8074f761539ef2cb3ef4cb (diff)
download: php-upstream/5.4.37.tar.gz
1 files changed, 25 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 0bd17f079..5f884e653 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,27 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+22 Jan 2015 PHP 5.4.37
+- Core:
+  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
+    (CVE-2015-0231) (Stefan Esser)
+
+- CGI:
+  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
+    (Stas)
+
+- EXIF:
+  . Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232) (Stas)
+
+- Fileinfo:
+  . Removed readelf.c and related code from libmagic sources
+    (Remi, Anatol)
+  . Fixed bug #68735 (fileinfo out-of-bounds memory access).
+    (Anatol)
+
+- OpenSSL:
+  . Fixed bug #55618 (use case-insensitive cert name matching).
+    (Daniel Lowrey)
+
 18 Dec 2014 PHP 5.4.36
 
 - Core:
@@ -8,6 +30,9 @@ PHP                                                                        NEWS
   . Fixed bug #68594 (Use after free vulnerability in unserialize()).
     (CVE-2014-8142) (Stefan Esser)
 
+- Mcrypt:
+  . Fixed possible read after end of buffer and use after free. (Dmitry)
+
 13 Nov 2014 PHP 5.4.35
 
 - Core:
author	Ondřej Surý <ondrej@sury.org>	2015-01-26 11:35:34 +0100
committer	Ondřej Surý <ondrej@sury.org>	2015-01-26 11:35:34 +0100
commit	37df7e2d1076497e3295648878d39f5bceb8c4e1 (patch)
tree	dbfd5d31f8a296d4cce366a0106bf500ca15c9f5 /NEWS
parent	d69b64eedc8c3c75da8074f761539ef2cb3ef4cb (diff)
download	php-upstream/5.4.37.tar.gz