PHP 7.0.6 Released
Posted on: 04/29/2016 06:12 PM

PHP 7.0.6 has been released

PHP 7.0.6 Released


The PHP development team announces the immediate availability of PHP 7.0.6. This is a security release. Several security bugs were fixed in this release, including

CVE-2016-3078
CVE-2016-3074

All PHP 7.0 users are encouraged to upgrade to this version.

Change Log:

Core:
Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1' failed).
Fixed bug #71922 (Crash on assert(new class{})).
Fixed bug #71914 (Reference is lost in "switch").
Fixed bug #71871 (Interfaces allow final and abstract functions).
Fixed bug #71859 (zend_objects_store_call_destructors operates on realloced memory, crashing).
Fixed bug #71841 (EG(error_zval) is not handled well).
Fixed bug #71750 (Multiple Heap Overflows in php_raw_url_encode/ php_url_encode).
Fixed bug #71731 (Null coalescing operator and ArrayAccess).
Fixed bug #71609 (Segmentation fault on ZTS with gethostbyname).
Fixed bug #71428 (inheritance and allow_null).
Fixed bug #71414 (Inheritance, traits and interfaces).
Fixed bug #71359 (Null coalescing operator and magic).
Fixed bug #71334 (Cannot access array keys while uksort()).
Fixed bug #69659 (ArrayAccess, isset() and the offsetExists method).
Fixed bug #69537 (__debugInfo with empty string for key gives error).
Fixed bug #62059 (ArrayObject and isset are not friends).
Fixed bug #71980 (Decorated/Nested Generator is Uncloseable in Finally).
BCmath:
Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition).
Curl:
Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
Date:
Fixed bug #71889 (DateInterval::format Segmentation fault).
EXIF:
Fixed bug #72094 (Out of bounds heap read access in exif header processing).
GD:
Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)
Intl:
Fixed bug #71516 (IntlDateFormatter looses locale if pattern is set via constructor).
Fixed bug #70455 (Missing constant: IntlChar::NO_NUMERIC_VALUE).
Fixed bug #70451, #70452 (Inconsistencies in return values of IntlChar methods).
Fixed bug #68893 (Stackoverflow in datefmt_create).
Fixed bug #66289 (Locale::lookup incorrectly returns en or en_US if locale is empty).
Fixed bug #70484 (selectordinal doesn't work with named parameters).
Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset).
ODBC:
Fixed bug #63171 (Script hangs after max_execution_time).
Opcache:
Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
PDO:
Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
Fixed bug #71447 (Quotes inside comments not properly handled).
PDO_DBlib:
Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte).
Add DBLIB-specific attributes for controlling timeouts.
PDO_pgsql:
Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used).
Postgres:
Fixed bug #71820 (pg_fetch_object binds parameters before call constructor).
Fixed bug #71998 (Function pg_insert does not insert when column type = inet).
SOAP:
Fixed bug #71986 (Nested foreach assign-by-reference creates broken variables).
SPL:
Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't access properties in PHP).
Fixed bug #71735 (Double-free in SplDoublyLinkedList::offsetSet).
Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()).
Fixed bug #52339 (SPL autoloader breaks class_exists()).
Standard:
Fixed bug #72116 (array_fill optimization breaks implementation).
Fixed bug #71995 (Returning the same var twice from __sleep() produces broken serialized data).
Fixed bug #71940 (Unserialize crushes on restore object reference).
Fixed bug #71969 (str_replace returns an incorrect resulting array after a foreach by reference).
Fixed bug #71891 (header_register_callback() and register_shutdown_function()).
Fixed bug #71884 (Null pointer deref (segfault) in stream_context_get_default).
Fixed bug #71840 (Unserialize accepts wrongly data).
Fixed bug #71837 (Wrong arrays behaviour).
Fixed bug #71827 (substr_replace bug, string length).
Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined).
XML:
Fixed bug #72099 (xml_parse_into_struct segmentation fault).
Zip:
Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078)



Printed from CompatDB (http://www.compatdb.org/news/story/php_7_6_released.html)