MGASA-2020-0119

Updated php packages fix bugs and security vulnerabilities:

Core: - Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported). - Fixed bug #79146 (cscript can fail to run on some systems). - Fixed bug #78323 (Code 0 is returned on invalid options). - Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments). CURL: - Fixed bug #79078 (Hypothetical use-after-free in curlmultiaddhandle()). Intl: - Fixed bug #79212 (NumberFormatter::format() may detect wrong type). Libxml: - Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()). MBString: - Fixed bug #79154 (mbconvertencoding() can modify $fromencoding). MySQLnd: - Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLIBOTH). OpenSSL: - Fixed bug #79145 (openssl memory leak). Phar: - Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063) - Fixed bug #79171 (heap-buffer-overflow in pharextractfile). (CVE-2020-7061) - Fixed bug #76584 (PharFileInfo::decompress not working). Reflection: - Fixed bug #79115 (ReflectionClass::isCloneable call reflected class _destruct). Session: - Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062) SPL: - Fixed bug #79151 (heap use after free caused by spldllistithelpermoveforward). Standard: - Fixed bug #78902 (Memory leak when using streamfilter_append). XSL: - Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).