New changelog entries:
* SECURITY UPDATE: Null pointer dereference
- debian/patches/CVE-2020-7062.patch: avoid null dereference in
ext/session/session.c.
- CVE-2020-7062
* SECURITY UPDATE: Lax permissions on files added to tar with Phar
- debian/patches/CVE-2020-7063.patch: enforce correct permissions
for files added to tar with Phar in ext/phar/phar_object.c,
ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082*.
- CVE-2020-7063
* SECURITY UPDATE: Read one byte of uninitialized memory
- debian/patches/CVE-2020-7064.patch: check length in
exif_process_TIFF_in_JPEG to avoid reading uninitialized memory in
ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
- debian/patches/Fix_test_bug79282.patch: fix test in
ext/exif/tests/bug79282.phpt.
- CVE-2020-7064
* SECURITY UPDATE: Truncated URL due to \0
- debian/patches/CVE-2020-7066.patch: check for get_headers
not accepting \0 in ext/standard/url.c.
- CVE-2020-7066
New changelog entries:
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-7059.patch: fix OOB read in
php_strip_tags_ex in ext/standard/string.c and added test
ext/standard/tests/file/bug79099.phpt.
- CVE-2020-7059
* SECURITY UPDATE: Buffer-overflow
- debian/patches/CVE-2020-7060.patch: fix by adding a check function
is_in_cp950_pua in ext/mbstring/libmbfl/filters/mbfilter_big5.c
and added test ext/mbstring/tests/bug79037.phpt.
- CVE-2020-7060
New changelog entries:
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
to avoid an overflow in ext/exif/exif.c and adding test to
ext/exif/tests/bug78222.phpt.
- CVE-2019-11041
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11042.patch: check ByteCount in order to
avoid an overflow in ext/exif/exif.c and adding tests to
ext/exif/tests/bug78256.phpt.
- CVE-2019-11042