* Enforce security in the fastcgi protocol parsing with fpm SAPI. * Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153) * Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092) * Fixed bug #54055 (buffer overrun with high values for precision ini setting). * Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708) * Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)
Key enhancements in PHP 5.3.6 include:
* Upgraded bundled Sqlite3 to version 3.7.4. * Upgraded bundled PCRE to version 8.11. * Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/
Proxy-Authorization. * Added options to debug backtrace functions. * Changed default value of ini directive serialize_precision from 100 to 17. * Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime error). * Fixed Bug #53958 (Closures can't 'use' shared variables by value and by reference). * Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash). * Over 60 other bug fixes.
