Software 42837 Published by

PHP 7.3.11, 7.2.24, and 7.1.33 has been released



PHP 7.3.11:
- Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser)
. Fixed bug #78620 (Out of memory error). (cmb, Nikita)

- Exif :
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
(Kalle)

- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)
. Fixed bug #78413 (request_terminate_timeout does not take effect after
fastcgi_finish_request). (Sergei Turchanov)

- MBString:
. Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi). (cmb)
. Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
(cmb)
. Fixed bug #78609 (mb_check_encoding() no longer supports stringable
objects). (cmb)

- MySQLi:
. Fixed bug #76809 (SSL settings aren't respected when persistent connections
are used). (fabiomsouto)

- Mysqlnd:
. Fixed bug #78525 (Memory leak in pdo when reusing native prepared
statements). (Nikita)

- PCRE:
. Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze
child process). (Nikita)

- PDO_MySQL:
. Fixed bug #78623 (Regression caused by "SP call yields additional empty
result set"). (cmb)

- Session:
. Fixed bug #78624 (session_gc return value for user defined session
handlers). (bshaffer)

- Standard:
. Fixed bug #76342 (file_get_contents waits twice specified timeout).
(Thomas Calvet)
. Fixed bug #78612 (strtr leaks memory when integer keys are used and the
subject string shorter). (Nikita)
. Fixed bug #76859 (stream_get_line skips data if used with data-generating
filter). (kkopachev)

- Zip:
. Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
Download

PHP 7.2.24:
- Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser)
. Fixed bug #78620 (Out of memory error). (cmb, Nikita)

- Exif:
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
(Kalle)

- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)

- MBString:
. Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
(cmb)
. Fixed bug #78609 (mb_check_encoding() no longer supports stringable
objects). (cmb)

- MySQLi:
. Fixed bug #76809 (SSL settings aren't respected when persistent connections
are used). (fabiomsouto)

- PDO_MySQL:
. Fixed bug #78623 (Regression caused by "SP call yields additional empty
result set"). (cmb)

- Session:
. Fixed bug #78624 (session_gc return value for user defined session
handlers). (bshaffer)

- Standard:
. Fixed bug #76342 (file_get_contents waits twice specified timeout).
(Thomas Calvet)
. Fixed bug #78612 (strtr leaks memory when integer keys are used and the
subject string shorter). (Nikita)
. Fixed bug #76859 (stream_get_line skips data if used with data-generating
filter). (kkopachev)

- Zip:
. Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
Download

PHP 7.1.33:

- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)
Download