Debian 10260 Published by

Ondřej Surý has released updated PHP 5.6.40, PHP 7.0.33 packages as well 7.1.33, 7.2.24, 7.3.11, and 7.4.0-RC4 packages for Debian GNU/Linux 8, 9, and 10



PHP 7.3.11:
- Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser)
. Fixed bug #78620 (Out of memory error). (cmb, Nikita)

- Exif :
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
(Kalle)

- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)
. Fixed bug #78413 (request_terminate_timeout does not take effect after
fastcgi_finish_request). (Sergei Turchanov)

- MBString:
. Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi). (cmb)
. Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
(cmb)
. Fixed bug #78609 (mb_check_encoding() no longer supports stringable
objects). (cmb)

- MySQLi:
. Fixed bug #76809 (SSL settings aren't respected when persistent connections
are used). (fabiomsouto)

- Mysqlnd:
. Fixed bug #78525 (Memory leak in pdo when reusing native prepared
statements). (Nikita)

- PCRE:
. Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze
child process). (Nikita)

- PDO_MySQL:
. Fixed bug #78623 (Regression caused by "SP call yields additional empty
result set"). (cmb)

- Session:
. Fixed bug #78624 (session_gc return value for user defined session
handlers). (bshaffer)

- Standard:
. Fixed bug #76342 (file_get_contents waits twice specified timeout).
(Thomas Calvet)
. Fixed bug #78612 (strtr leaks memory when integer keys are used and the
subject string shorter). (Nikita)
. Fixed bug #76859 (stream_get_line skips data if used with data-generating
filter). (kkopachev)

- Zip:
. Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
PHP 7.2.24:
- Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser)
. Fixed bug #78620 (Out of memory error). (cmb, Nikita)

- Exif:
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
(Kalle)

- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)

- MBString:
. Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
(cmb)
. Fixed bug #78609 (mb_check_encoding() no longer supports stringable
objects). (cmb)

- MySQLi:
. Fixed bug #76809 (SSL settings aren't respected when persistent connections
are used). (fabiomsouto)

- PDO_MySQL:
. Fixed bug #78623 (Regression caused by "SP call yields additional empty
result set"). (cmb)

- Session:
. Fixed bug #78624 (session_gc return value for user defined session
handlers). (bshaffer)

- Standard:
. Fixed bug #76342 (file_get_contents waits twice specified timeout).
(Thomas Calvet)
. Fixed bug #78612 (strtr leaks memory when integer keys are used and the
subject string shorter). (Nikita)
. Fixed bug #76859 (stream_get_line skips data if used with data-generating
filter). (kkopachev)

- Zip:
. Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
PHP 7.1.33 / 7.0.33-12 / 5.4.40-13:

- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)
  PHP 5.4.40-13, 7.0.33-12, 7.1.33, 7.2.24, 7.3.11 and 7.4.0-RC4 for Debian