. CVE-2020-7064  EXIF: Use-of-uninitialized-value in exif (#79282)
  . CVE-2020-7066  Standard: get_headers() silently truncates after a null byte (#79329)
  . CVE-2020-7063  Phar: Files added to tar with Phar::buildFromIterator have all-access permissions (#79082)
  . CVE-2020-7059  Standard: OOB read in php_strip_tags_ex (#79099)
  . CVE-2019-13224 MBString: don't allow different encodings for onig_new_deluxe (#78380)
  . CVE-2019-11050 EXIF: Use-after-free in exif parsing under memory sanitizer (#78793)
  . CVE-2019-11048 Core: Long variables in multipart/form-data cause OOM and temp files are not cleaned (#78876)
  . CVE-2019-11048 Core: Long filenames cause OOM and temp files are not cleaned (#78875)
  . CVE-2019-11047 EXIF: Heap-buffer-overflow READ in exif (#78910)
  . CVE-2019-11046 Bcmath: Buffer underflow in bc_shift_addsub (#78878)
  . CVE-2019-11045 Core: DirectoryIterator class silently truncates after a null byte (#78863)
  . CVE-2019-11043 FPM: env_path_info underflow in fpm_main.c can lead to RCE (#78599)
  . CVE-2019-11042 EXIF: heap-buffer-overflow on exif_process_user_comment (#78256)
  . CVE-2019-11041 EXIF: heap-buffer-overflow on exif_scan_thumbnail (#78222)

- security issues
  . CVE-2019-9021  Phar: heap buffer overflow in phar_detect_phar_fname_ext (#77247)
  . CVE-2017-11147 Phar: Seg fault when loading hostile phar (#73773)
  . CVE-2018-20783 Phar: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile (#77143)
  . CVE-2016-7411  Standard: Memory Corruption in During Deserialized-object Destruction (#73052)
  . CVE-2017-11145 Core: wddx_deserialize() heap out-of-bound read via php_parse_date() (#74819)
  . CVE-2017-11628 Core: PHP INI Parsing Stack Buffer Overflow Vulnerability (#74603)
  . CVE-2017-12933 Core: Heap buffer overread (READ: 1) finish_nested_data from unserialize (#74111)
  . CVE-2017-11144 OpenSSL: negative-size-param (-1) in memcpy in zif_openssl_seal() (#74651)
  . CVE-2017-16642 Date: Out-Of-Bounds Read in timelib_meridian() (#75055)
  . CVE-2016-1283  PCRE: applied upstream patch for (#75207)
  . CVE-2018-17082 Apache2: XSS due to the header Transfer-Encoding: chunked (#76582)
  . CVE-2018-19518 IMAP: imap_open allows to run arbitrary shell commands via mailbox parameter (#77153)
  . CVE-2019-9023  Mbstring: Buffer overflow on mb regex functions - fetch_token (#77370)
  . CVE-2019-9023  Mbstring: heap buffer overflow in mb regex functions - compile_string_node (#77371)
  . CVE-2019-9023  Mbstring: heap buffer overflow in multibyte match_at (#77381)
  . CVE-2019-9023  Mbstring: heap buffer overflow due to incorrect length in expand_case_fold_string (#77382)
  . CVE-2019-9023  Mbstring: buffer overflow in fetch_token (#77385)
  . CVE-2019-9023  Mbstring: Buffer overflow in multibyte case folding - unicode (#77394)
  . CVE-2019-9023  Mbstring: Heap overflow in utf32be_mbc_to_code (#77418)
  . CVE-2019-9020  Xmlrpc: heap out of bounds read in xmlrpc_decode() (#77242)
  . CVE-2019-9024  Xmlrpc: Global out of bounds read in xmlrpc base64 code (#77380)
  . CVE-2019-11034 EXIF: Heap-buffer-overflow in php_ifd_get32s (#77753)
  . CVE-2019-11035 EXIF: Heap-buffer-overflow in exif_iif_add_value (#77831)
  . CVE-2019-11036 EXIF: Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG (#77950)
  . CVE-2019-11040 EXIF: heap-buffer-overflow on php_jpg_get16 (#77988)
  . CVE-2018-14883 EXIF: Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c (#76423)
  . CVE-2018-14851 EXIF: heap-buffer-overflow (READ of size 48) while reading exif data (#76557)
  . CVE-2018-5711  GD: Potential infinite loop in gdImageCreateFromGifCtx (#75571)
  . CVE-2019-6977  GD: imagecolormatch Out Of Bounds Write on Heap (#77270)
  . CVE-2019-11038 GD: Uninitialized read in gdImageCreateFromXbm (#77973)
  . CVE-2019-11039 Iconv: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to int overflow (#78069)
  . CVE-2017-11143 WDDX: wddx parsing empty boolean tag leads to SIGSEGV (#74145)

- security issues
  . CVE-2018-10545 FPM: Dumpable FPM child processes allow bypassing opcache access controls (#75605)
  . CVE-2018-10546 iconv: stream filter convert.iconv leads to infinite loop on invalid sequence (#76249)
  . CVE-2018-10548 LDAP: Malicious LDAP-Server Response causes Crash (#76248)
  . CVE-2018-10547 Phar: fix for CVE-2018-5712 may not be complete (#76129)

- security issues
  . CVE-2017-7890 Buffer over-read from unitialized data in gdImageCreateFromGifCtx function

- security issues
  . CVE-2017-9224 fixed mbstring Oniguruma
  . CVE-2017-9226 fixed mbstring Oniguruma
  . CVE-2017-9227 fixed mbstring Oniguruma
  . CVE-2017-9228 fixed mbstring Oniguruma
  . CVE-2017-9229 fixed mbstring Oniguruma
- fixed execdir bugs
  . fixed #15 But when using "2>&1" in exec command
  . fixed #16 error "NULL byte detected."

- security issues
  . CVE-2016-9933 GD: imagefilltoborder stackoverflow on truecolor images (#72696)
  . CVE-2016-10161 Standard: Heap out of bounds read on unserialize in finish_nested_data() (#73825)
  . CVE-2016-10159 Phar: Crash while loading hostile phar archive (#73764)
  . CVE-2016-10160 Phar: Memory corruption when loading hostile phar (#73768)
  . CVE-2016-10167 GD: DOS vulnerability in gdImageCreateFromGd2Ctx() (#73868)
  . CVE-2016-10168 GD: Signed Integer Overflow gd_io.c (#73869)
  . CVE-2016-10158 EXIF: FPE when parsing a tag format (#73737)

- security issues
  . nosafe_mode_exec_dir: backtics and $() syntax weakness after semi colon #8
    https://github.com/OOPS-ORG-PHP/mod_execdir/issues/8

- security issues
  . CVE-2016-5399 BZ2: do not treat negative returns from bz2 as size_t (#72613)
  . CVE-2016-5766 GD: Integer Overflow in _gd2GetHeader() resulting in heap overflow (#72339)
  . CVE-2016-5767 GD: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (#72446)

- security issues
  . CVE-2016-5385 Core: don't set environmental variable based on user supplied Proxy request header

- fixed zend_mm_heap corrupted problems of exec_dir patch
- security issues
  . CVE-2016-4070 Standard: Integer Overflow in php_raw_url_encode (#71798)
  . CVE-2016-4072 Phar: Invalid memory write in phar on filename with \0 in name (#71860)
  . CVE-2016-4073 Mbstring: AddressSanitizer: negative-size-param (-1) in mbfl_strcut (#71906)
  . CVE-2015-8865 Fileinfo: Buffer over-write in finfo_open with malformed magic file (#71527)
  . CVE-2016-3074 GD: libgd: signedness vulnerability (#71912)
  . fixed bug #72099 XML: xml_parse_into_struct segmentation fault
  . CVE-2016-4343 Phar: Uninitialized pointer in phar_make_dirstream() (#71331)
  . fixed bug #72135 Core: Integer Overflow in php_html_entities
  . fixed bug #72114 Core: Integer underflow / arbitrary null write in fread/gzread
  . CVE-2015-8874 GD: Stack overflow with imagefilltoborder (#66387)
  . CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389,
    CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394
    Upgraded pcrelib to 8.38

- security issues
  . fixed bug #71039 Core: exec functions ignore length but look for NULL termination
  . fixed bug #71323 Core: Output of stream_get_meta_data can be falsified by its input
  . fixed bug #71459 Core: Integer overflow in iptcembed()
  . fixed bug #71354 Phar: Heap corruption in tar/zip/phar parser
  . fixed bug #71391 Phar: NULL Pointer Dereference in phar_tar_setupmetadata()
  . fixed bug #71488 Phar: Stack overflow when decompressing tar archives

- security issues
  . fixed bug #69720 Phar: Null pointer dereference in phar_get_fp_offset()
  . fixed bug #70433 Phar: Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
  . fixed bug #70728 XMLRPC: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
  . fixed bug #70755 FPM: fpm_log.c memory leak and buffer overflow
  . fixed bug #70661 WDDX: Use After Free Vulnerability in WDDX Packet Deserialization
  . Fixed bug #70741 WDDX: Session WDDX Packet Deserialization Type Confusion Vulnerability

- security issues
  . CVE-2015-6834 core: Use After Free Vulnerability in unserialize() (#70172, #70365)
  . CVE-2015-6835 core: Use after free vulnerability in session deserializer (#70219)
  . CVE-2015-6836 soap: serialize_function_call() type confusion / RCE (#70388)
  . CVE-2015-6837 xslt: NULL pointer dereference (#69782)
  . CVE-2015-6838 xslt: NULL pointer dereference (#69782)
  . #70385 exif: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
  . #70312 hash: HAVAL gives wrong hashes in specific cases
  . #70345 pcre: Multiple vulnerabilities related to PCRE functions
  . #70350 zip:  ZipArchive::extractTo allows for directory traversal when creating directories

- fixed php-pgsql obsolete

- security issues
  . CVE-2014-9425
  . CVE-2014-9709
  . CVE-2014-9705
  . CVE-2015-2301
  . CVE-2015-2783
  . CVE-2015-3329
  . CVE-2015-4021
  . CVE-2015-4022
  . CVE-2015-4024
  . CVE-2015-4026

- official bug fix
  . #69353 Missing null byte checks for paths in various PHP extensions
  . #69152 Type Confusion Infoleak Vulnerability in unserialize() with SoapFault

- security issues
  . CVE-2015-2331 ZIP: Integer Overflow leads to writing past heap boundary (#69253)
  . CVE-2015-2305 Ereg: heap overflow vulnerability in regcomp.c (#69248)
  . CVE-2015-2787 Core: Use After Free Vulnerability in unserialize() (#68976)
  . CVE-2015-1352 pgsql: Null pointer deference (#68741)

- security issues
  . CVE-2015-0273 Use after free vulnerability in unserialize() (#68594)

- security issues
  . CVE-2014-8142 Use after free vulnerability in unserialize() (#68594)
  . CVE-2015-0232 Free called on unitialized pointer (#68799)
  . CVE-2015-0231 Use After Free Vulnerability in PHP's unserialize() (#68710)
  . CVE-2015-0235 Mitigation for glibc gethostbyname buffer overflow (#68925)

- security issues
  . CVE-2014-3668 (#68027) Global buffer overflow in mkgmtime() function
  . CVE-2014-3670 (#68113) Heap corruption in exif_thumbnail()
  . CVE-2014-3669 (#68044) Integer overflow in unserialize() (32-bits only)
  . CVE-2014-3710 (#68283) fileinfo: out-of-bounds read in elf note headers

- security issues
  . CVE-2014-3597 (#67717) segfault in dns_get_record
  . CVE-2014-5120 (#b67730) Null byte injection possible with imagexxx functions
  . CVE-2014-2497 (#66901) php-gd 'c_color' NULL pointer dereference
  . CVE-2014-3587 (#67716) Segfault in cdf.c

- Official bug fix
  . #66127 Segmentation fault with ArrayObject unset
  . #67247 spl_fixedarray_resize integer overflow
  . #67249 printf out-of-bounds read
  . #67250 iptcparse out-of-bounds read
  . #67252 convert_uudecode out-of-bounds read
  . #67359 Segfault in recursiveDirectoryIterator
  . #67390 insecure temporary file use in the configure script (CVE-2014-3981)
  . #67399 putenv with empty variable may lead to crash
  . #67492 unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion (CVE-2014-3515)
  . #67498 phpinfo() Type Confusion Information Leak Vulnerability
  . #67251 date_parse_from_format out-of-bounds read
  . #67253 timelib_meridian_with_check out-of-bounds read
  . #66307 Fileinfo crashes with powerpoint files
  . #67326 fileinfo: cdf_read_short_sector insufficient boundary check (CVE-2014-0207)
  . #67327 fileinfo: CDF infinite loop in nelements DoS (CVE-2014-0238)
  . #67328 fileinfo: numerous file_printf calls resulting in performance degradation (CVE-2014-0237)
  . #67410 fileinfo: mconvert incorrect handling of truncated pascal string size.
  . #67411 fileinfo: cdf_check_stream_offset insufficient boundary check.
  . #67412 fileinfo: cdf_count_chain insufficient boundary check.
  . #67413 fileinfo: cdf_read_property_info insufficient boundary check.
  . #67349 Locale::parseLocale Double Free
  . #67397 Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)
  . #67432 Fix potential segfault in dns_check_record()). (CVE-2014-4049)
  . Fix missing type checks in various functions

- security issues
  . CVE-2014-3981
  . CVE-2014-3515
  . CVE-2014-0207
  . CVE-2014-0238
  . CVE-2014-0237
  . CVE-2014-4049

- security issues
  . CVE-2013-7345 #66946 extensive backtracking in awk rule regular expression

- security issue
  . CVE-2014-2270 #66820 out-of-bounds memory access in fileinfo
  . CVE-2014-1943 #66731 file: infinite recursion

- Official bug fix
  . #66501 Add EC key support to php_openssl_is_private_key
  . #60602 proc_open() changes environment array
  . #66535 Don't add newline after X-PHP-Originating-Script
  . #66762i Segfault in mysqli_stmt::bind_result() when link closed

- fixed segfault in mysqlnd when doing long prepare from patch of 5.3.7
  news #72595 (http://news.php.net/php.cvs/72595)
  http://git.php.net/?p=php-src.git;a=commitdiff;h=9fc38183b707341b6eddb8c196d0ea2b7c13d6a9

- update 5.3.28

- security issue
  . CVE-2013-6420 Fixed memory corruption in openssl_x509_parse()

- Official bug fix
  . #62672 Error on serialize of ArrayObject
  . #60560 SplFixedArray un-/serialize, getSize(), count() return 0,
           keys are strings
  . #65328 Segfault when getting SplStack object Value
  . #64802 openssl_x509_parse fails to parse subject properly in some cases
  . #50308 session id not appended properly for empty anchor tags
  . #65564 stack-buffer-overflow in DateTimeZone stuff caught
  . #65554 createFromFormat broken when weekday name is followed
  . #65458 curl memory leak
  . #60598 cli/apache sapi segfault on objects manipulation
  . #61759 class_alias() should accept classes with leading backslashes
  . #62396 'make test' crashes starting with 5.3.14 (missing gzencode())
  . #61548 content-type must appear at the end of headers for 201 Location
           to work in htt
  . #64441 FILTER_VALIDATE_URL rejects fully qualified domain names
  . #65708 dba functions cast $key param to string in-place, bypassing copy
           on write
  . #64157 DateTime::createFromFormat() reports confusing error message
  . #51936 Crash with clone XMLReader
  . #64230 XMLReader does not suppress errors
  . #64760 var_export() does not use full precision for floating-point numbers
  . #66033 Segmentation Fault when constructor of PDO statement throws an exception
  . #65946 sql_parser permanently converts values bound to strings on PDO
  . #66124 mysqli under mysqlnd loses precision when bind_param with 'i'
  . #66141 mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after
           failed query
  . #66043 Segfault calling bind_param() on mysqli
  . #64874 json_decode handles whitespace and case-sensitivity incorrectly
  . #66094 unregister_tick_function tries to cast a Closure to a string
  . #66321 ZipArchive::open() ze_obj->filename_len not real
  . #66229 128.0.0.0/16 isn't reserved any longer
  . #65873 Integer overflow in exif_read_data()
  . #65196 Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces
           invalid Markup
  . #63391 Incorrect/inconsistent day of week prior to the year 1600
  . #61599 Wrong Day of Week
  . #66060 Heap buffer over-read in DateInterval
  . #61645 fopen and O_NONBLOCK

- security issues
  . CVE-2013-4073 Fixed handling null bytes in subjectAltName

- update 5.3.27

- security issues
  . #65236 heap corruption in xml parser

- update 5.3.26
- update pecl libevent extension 0.1.0
- update pecl ncurses extension 1.0.2

- Official bug fix
  . #53437 Crash when using unserialized DatePeriod instance
  . #64949 Buffer overflow in _pdo_pgsql_error.
  . #64609 pg_convert enum type support.
  . #64960 Segfault in gc_zval_possible_root.
  . #64934 Apache2 TS crash with get_browser()
  . #64966 segfault in zend_do_fcall_common_helper_SPEC
  . #64997 Segfault while using RecursiveIteratorIterator on 64-bits systems

- security issues
  . CVE 2013-2110 Heap based buffer overflow in quoted_printable_encode (#64879)

- add ldap pagenation patch from PHP 5.4
- build fpm sapi

- Fixed bug #62593 Emulate prepares behave strangely with PARAM_BOOL
- Fixed bug #63447 max_input_vars doesn't filter variables when
  mbstring.encoding_translation = On
- set realpath_cache_force to enable, force enable realpath_cache_size
  and realpath_cache_ttl although safe_mode or open_basedir set enabled.

- update 5.3.18
- Always support short tag with echo '<?='
- pecl memcache update to 2.2.7
- pecl libevent update to 0.0.5
- support system tz data option
- Fixed bug #63297 (Phar fails to write an openssl based signature).
- Fixed bug #63240 (stream_get_line() return contains delimiter string).
- Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
- Fixed bug #63284 (Upgrade PCRE to 8.31).
- Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
- Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
- Fixed compilation failure on mixed 32/64 bit systems.
- Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak).

- fixed CVE-2012-1823
- fixed CVE-2012-2143
- fixed CVE-2012-2688
- fixed CVE-2012-3365
- fixed bug 61948 CURLOPT_COOKIFILE '' raises open_basedir restriction
- fixed bug 62885 mysqli_poll - Segmentation fault
- fixed bug 61367 open_basedir bypass using libxml RSHUTDOWN
                  Add open_basedir checks to readline_write_history and readline_read_history
                  open_basedir check for linkinfo

- fixed CVE-2012-1172
- fixed CVE-2012-0831