Version 5.2.14 22-July-2010 Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe) Updated timezone database to version 2010.5. (Derick) Upgraded bundled PCRE to version 8.02. (Ilia) Rewrote var_export() to use smart_str rather than output buffering, revents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott) Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe) Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe) Fixed a possible memory corruption in substr_replace() (Dmitry) Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia) Reset error state in PDO::beginTransaction() reset error state. (Ilia) Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia) Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam) Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry) Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe) Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe) Fixed bug #52061 (memory_limit above 2G). (Felipe) Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry) Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com) Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe) Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::). (Felipe) Fixed bug #51822 (Segfault with strange __destruct() for static class variables). (Dmitry) Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) Fixed bug #51670 (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick) Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre) Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL <7.4). (Felipe, wdierkes at 5dollarwhitebox dot org) Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe) Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). (Felipe) Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com) Fixed bug #51607 (pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com) Fixed bug #51604 (newline in end of header is shown in start of message). (Daniel Egeberg) Fixed bug #51562 (query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com) Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry) Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne) Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe) Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains timezone). (Adam) Fixed bug #51374 (Wrongly initialized object properties). (Etienne) Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com) Fixed bug #51273 (Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl) Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam) Fixed bug #51263 (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe) Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com) Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com) Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws). Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan) Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones) Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris Jones) Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert) Fixed bug #50762 (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com) Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing) Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe) Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) Fixed bug #49267 (Linking fails for iconv). (Moriyosh) Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob) Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com). Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus) Fixed bug #33210 (getimagesize() fails to detect width/height on certain JPEGs). (Ilia) Fixed bug #23229 (syslog() truncates messages). (Adam)
The buglinks are of course for the PHP site.
this bug is useless. just pasting two screens of crap doesn't help anyone.
Please add version dev-lang/php-5.2.14 to the tree. It is a version bump and fixes the CVEs listed in summary.
Pls re-assign bug to php dev herd.
I'll be duping it against the proper bug with the next change. Don't even think about reopening this thing again.
*** This bug has been marked as a duplicate of bug 332039 ***