Internet Bug Bounty: Use-after-free in ArrayObject Deserialization
The bug report at: https://bugs.php.net/bug.php?id=73144 The fix commit at: https://github.com/php/php-src/commit/f74d7d92c8bc1edc2505e0b58546217e9e1ecb40...
php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...
Critical PHP Bug Security Notice and Patch
Earlier this week, a PHP Security Notice was made due to a critical bug in PHP that could cause PHP to fail should a value of 2.2250738585072011e-308 be set to a PHP value. More information can be found here: http://bugs.php.net/bug.php?id=53632...