- Fix #79971: special character is breaking the path in xml function (CVE-2021-21707) - Fix bug #80672: Null Dereference in SoapClient. (CVE-2021-21702) - Fix bug #79699: PHP parses encoded cookie names so malicious `__Host-` cookies can be sent (CVE-2020-7070) - Fix bug #78875: Long variables cause OOM and temp files are not cleaned. (CVE-2019-11048) - Fix bug #78876: Long variables in multipart/form-data cause OOM and temp files are not cleaned. (CVE-2019-11048) - Fix bug #79465: OOB Read in urldecode() (CVE-2020-7067) - Fix bug #79282: Use-of-uninitialized-value in exif (CVE-2020-7064) - Fix bug #79329: get_headers silently truncates after a null byte (CVE-2020-7066) - Fix bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059) - Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046) - Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047) - Fixed CVE-2019-13224 - Fix for bug 76129 (CVE-2018-10547) Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file - CVE-2017-11143: wddx parsing empty boolean tag leads to SIGSEGV - CVE-2017-11144: negative-size-param (-1) in memcpy in zif_openssl_seal() - CVE-2017-11145: wddx_deserialize() heap out-of-bound read via php_parse_date() - CVE-2017-11146: wddx_deserialize() heap out-of-bound read via php_parse_date() (caused by CVE-2017-11145) - CVE-2017-7890: Buffer over-read into uninitialized memory - CVE-2017-9224: Buffer Overflow in match_at() (Oniguruma issue) - CVE-2017-9226: Heap corruption in next_state_val() in 15 encodings (Oniguruma issue) - CVE-2017-9227: Bug in mbc_enc_len() (Oniguruma issue) - CVE-2017-9228: Heap corruption in next_state_val() due to uninitialized local variable (Oniguruma issue) - CVE-2017-9229: SIGSEGV in left_adjust_char_head() due to bad dereference (Oniguruma issue) - Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635) - bug 70081: SoapClient info leak / null pointer dereference via multiple type confusions (CVE-2015-8835) - Improve check for :memory: pseudo-filename in SQlite (CVE-2012-3365) - bug 72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128) - bug 73825: Heap out of bounds read on unserialize in finish_nested_data() (CVE-2016-10161) - bug 73737: FPE when parsing a tag format (CVE-2016-10158) - CVE-2012-2688: Integer Overflow issues in _php_stream_scandir - CVE-2016-7418: Out-Of-Bounds Read in php_wddx_push_element of wddx.c - CVE-2016-5399: Inadequate error handling in bzread() - CVE-2016-6288: php_url_parse_ex() buffer overflow read - CVE-2016-6289: Stack-based buffer overflow vulnerability in virtual_file_ex - CVE-2016-6290: Use After Free in unserialize() with Unexpected Session Deserialization - CVE-2016-6296: heap-buffer-overflow (write) simplestring_addn simplestring.c - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow - CVE-2016-5772: Double Free Corruption in wddx_deserialize - CVE-2015-8874: Stack overflow with imagefilltoborder - CVE-2015-6835: Use after free vulnerability in session deserializer - CVE-2016-5094: (core) integer overflow in php_html_entities - security bug 71912: libgd: signedness vulnerability (CVE-2016-3074) - security bug 72094: Out of bounds heap read access in exif header processing (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544) - security bug 72093: bcpowmod accepts negative scale and corrupts _one_ definition (CVE-2016-4537, CVE-2016-4538) - improve php-5.1.6-CVE-2010-2191.patch (ALTPHP-84) - Add patches for CVEs: CVE-2015-6836, CVE-2015-6837, CVE-2015-6838 - fix patches: CVE-2012-0830, CVE-2015-4025, CVE-2015-4026 - Fix bug #78875: Long variables cause OOM and temp files are not cleaned (CVE-2019-11048) - Fix bug #78876: Long variables in multipart/form-data cause OOM and temp files are not cleaned (CVE-2019-11048) - Fix bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063) - bug 70350: ZipArchive::extractTo allows for directory traversal when creating directories (CVE-2014-9767) - Disabled external entities loading (CVE-2013-1643, CVE-2013-1824) - bug 73764: Crash while loading hostile phar archive (CVE-2016-10159) - bug 73768: Memory corruption when loading hostile phar (CVE-2016-10160) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf - CVE-2016-7413: wddx_deserialize use-after-free - CVE-2016-7414: Out of bound when verify signature of zip phar in phar_parse_zipfile - CVE-2016-7416: SEH buffer overflow msgfmt_format_message - CVE-2016-6291: Out of bound read in exif_process_IFD_in_MAKERNOTE - CVE-2016-6294: locale_accept_from_http out-of-bounds access - CVE-2015-8879: PHP segfaults when accessing nvarchar(max) defined columns - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener - CVE-2016-4343: (phar) uninitialized pointer in phar_make_dirstream() - CVE-2016-5093: (intl) get_icu_value_internal out-of-bounds read - CVE-2016-5096: (core) integer underflow / arbitrary null write in fread/gzread - security bug 72099: xml_parse_into_struct segmentation fault (CVE-2016-4539) - security bug 72061: Out-of-bounds reads in zif_grapheme_stripos with negative offset (CVE-2016-4540, CVE-2016-4541) - security bug CVE-2015-5590: Buffer overflow and stack smashing error in phar_fix_filepath - Add patches for CVEs: CVE-2015-6833, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838 - add paches for CVE-2013-4248 and CVE-2013-6420 - CVE-2021-21703: fix error in php fpm shared memory organization leading to privilage escalation - CVE-2021-21707: fix handling of paths with percent encoded NULL byte - Fixed bug #78863 (DirectoryIterator class silently truncates after a nullbyte). (CVE-2019-11045) - Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) - ALTPHP-451: Fix for CVE-2016-7478 Unserialize Exception object can lead to infinite loop - bug 72455 Heap Overflow due to integer overflows (CVE-2016-5769) - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize - bug 70014: openssl_random_pseudo_bytes() is not cryptographically secure (CVE-2015-8867) - bug 70121: unserialize() could lead to unexpected methods execution / NULL pointer deref (CVE-2015-8876) - bug 71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut (CVE-2016-4073) - CVE-2016-7417: Missing type check when unserializing SplArray - add patch for CVE-2011-4885 - fix patch for CVE-2012-0830 - disable CVE-2015-4025 patch - Fix bug #79037: global buffer-overflow in `mbfl_filt_conv_big5_wchar` (CVE-2020-7060) - Fix bug #79221: Null Pointer Dereference in PHP Session Upload Progress (CVE-2020-7062) - ALTPHP-186: add HardenedPHP patch for CVE-2016-5769 - CVE-2016-7412: Heap overflow in mysqlnd related to BIT fields - CVE-2016-6292: NULL Pointer Dereference in exif_process_user_comment - CVE-2016-6295: Use After Free Vulnerability in SNMP with GC and unserialize() - CVE-2016-5768: _php_mb_regex_ereg_replace_exec - double free - CVE-2016-5771: Use After Free Vulnerability in PHP's GC algorithm and unserialize - CVE-2016-7568: Integer Overflow in gdImageWebpCtx of gd_webp.c - CVE-2016-7411: Memory Corruption in During Deserialized-object Destruction - Fix bug #79797: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068) - Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044) - Fix bug #79601: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)