archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Update NEWS with entries for security fixes

Browse source
This commit is contained in:
Jakub Zelenka 2025-06-26 11:30:21 +02:00 committed by Saki Takamachi
parent 758e1e3192
commit 80637d11b3
No known key found for this signature in database
GPG key ID: 770426E17EBBB3DD
1 changed files with 12 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

14
NEWS
View file

@ -1,6 +1,6 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.4.9
03 Jul 2025, PHP 8.4.9
- BcMath:
. Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes).
@ -49,6 +49,10 @@ PHP NEWS
. Fixed bug #74796 (Requests through http proxy set peer name).
(Jakub Zelenka)
- PGSQL:
. Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during
escaping). (CVE-2025-1735) (Jakub Zelenka)
- PDO ODBC:
. Fix memory leak if WideCharToMultiByte() fails. (nielsdos)
@ -79,8 +83,14 @@ PHP NEWS
. Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning
string with UTF-8 bytes). (nielsdos)
- Soap:
- SOAP:
. Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
. Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension
via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos)
- Standard:
. Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames).
(CVE-2025-1220) (Jakub Zelenka)
- Tidy:
. Fix memory leak in tidy output handler on error. (nielsdos)