Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531)。
Fixed a possible resource destruction issues in shm_put_var()。
Fixed a possible information leak because of interruption of XOR operator.
Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
Fixed a possible memory corruption in ArrayObject::uasort()。
Fixed a possible memory corruption in parse_str()。
Fixed a possible memory corruption in pack()。
Fixed a possible memory corruption in substr_replace()。
Fixed a possible memory corruption in addcslashes()。
Fixed a possible stack exhaustion inside fnmatch()。
Fixed a possible dechunking filter buffer overflow.
Fixed a possible arbitrary memory access inside sqlite extension.
Fixed string format validation inside phar extension.
Fixed handling of session variable serialization on certain prefix characters.
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288)。
Fixed SplObjectStorage unserialization problems (CVE-2010-2225)。
Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
Fixed possible buffer overflows when handling error packets in mysqlnd.
Key enhancements in PHP 5.3.3 include:
Upgraded bundled sqlite to version 3.6.23.1.
Upgraded bundled PCRE to version 8.02.
Added FastCGI Process Manager (FPM) SAPI.
Added stream filter support to mcrypt extension.
Added full_special_chars filter to ext/filter.
Fixed a possible crash because of recursive GC invocation.
Fixed bug #52238 (Crash when an Exception occured in iterator_to_array)。
Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function)。
Fixed bug #52060 (Memory leak when passing a closure to method_exists())。
Fixed bug #52001 (Memory allocation problems after using variable variables)。
Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows)。
Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP 》= 5.3)。
For users upgrading from PHP 5.2 there is a migration guide available on http://php.net/migration53, detailing the changes between those releases and PHP 5.3.
PHP5.2.14主要更新清单
Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
Fixed a possible interruption array leak in strrchr()。(CVE-2010-2484)
Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim()。
Fixed a possible memory corruption in substr_replace()。
Fixed SplObjectStorage unserialization problems (CVE-2010-2225)。
Fixed a possible stack exaustion inside fnmatch()。
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288)。
Fixed handling of session variable serialization on certain prefix characters.
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
Key enhancements in PHP 5.2.14 include:
Upgraded bundled PCRE to version 8.02.
Updated timezone database to version 2010.5.
Fixed bug #52238 (Crash when an Exception occured in iterator_to_array)。
Fixed bug #52237 (Crash when passing the reference of the property of a non-object)。
Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function)。
Fixed bug #51822 (Segfault with strange __destruct() for static class variables)。
Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues)。
Fixed bug #49267 (Linking fails for iconv on MacOS: “Undefined symbols: _libiconv”)。
扫一扫
517
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
