From: Michael Wallner Date: Wed, 5 Oct 2016 06:19:41 +0000 (+0200) Subject: CVE number is known now X-Git-Tag: RELEASE_2_6_0~2 X-Git-Url: https://git.m6w6.name/?a=commitdiff_plain;h=8fe1ea10f4f65d9806fefa374a9f41a792ad9c81;p=m6w6%2Fext-http CVE number is known now --- diff --git a/CHANGELOG.md b/CHANGELOG.md index 7413bb8..15fa244 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,7 +24,7 @@ * Fix gh-issue #36: Unexpected cookies sent if persistent_handle_id is used (Mike, @rcanavan, @afflerbach) * Fix gh-issue #34: allow setting multiple headers with the same name (Mike, @rcanavan) * Fix gh-issue #33: allow setting prodyhost request option to NULL (Mike, @rcanavan) -* Fix gh-issue #31: add/improve configure checks for default CA bundle/path (Mike, @rcanavan) +* Fix gh-issue #31: add/improve configure checks for default CA bundle/path (Mike, @rcanavan) Changes from beta1: * Fixed PHP-5.3 compatibility @@ -32,7 +32,7 @@ Changes from beta1: Changes from beta2: * Fix bug #73055: crash in http\QueryString (Mike, @rc0r) (CVE-2016-7398) -* Fix bug #73185: Buffer overflow in HTTP parse_hostinfo() (Mike, @rc0r) +* Fix bug #73185: Buffer overflow in HTTP parse_hostinfo() (Mike, @rc0r) (CVE-2016-7961) * Fix HTTP/2 version parser for older libcurl versions (Mike) ## 2.6.0beta2, 2016-09-07 diff --git a/CVE.md b/CVE.md index 413fb9d..45e71b4 100644 --- a/CVE.md +++ b/CVE.md @@ -6,4 +6,4 @@ ID | GH-Issue/PHP-Bug | Summary --------------|----------------------------------------------------|-----------------------------------------------|--------------------|------- CVE-2016-5873 | [PHP-71719](https://bugs.php.net/bug.php?id=71719) | Buffer overflow in HTTP url parsing functions | 2.5.6, 3.0.1 | https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5 CVE-2016-7398 | [PHP-73055](https://bugs.php.net/bug.php?id=73055) | Type confusion vulnerability in merge_param() | 2.6.0RC1, 3.1.0RC1 | https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83 -CVE-2016-???? | [PHP-73185](https://bugs.php.net/bug.php?id=73185) | Buffer overflow in HTTP parse_hostinfo() | 2.6.0RC1, 3.1.0RC1 | https://github.com/m6w6/ext-http/commit/ec043079e9915d7d1f4cb06eeadb2c7fca195658 \ No newline at end of file +CVE-2016-7961 | [PHP-73185](https://bugs.php.net/bug.php?id=73185) | Buffer overflow in HTTP parse_hostinfo() | 2.6.0RC1, 3.1.0RC1 | https://github.com/m6w6/ext-http/commit/ec043079e9915d7d1f4cb06eeadb2c7fca195658 \ No newline at end of file