PHP 8.1.25 RC1
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- GD:
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
03 May 2019, PHP 7.1.29
- EXIF:
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
- Mail:
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
Patrick Allaert has announced the release candidate for PHP 8.1.25 for testing.