5.5.232015-02-20stable(leaks when unused inner class use traits precedence).69174(Crash in gc_zval_possible_root on unserialize).69139(Segfault in get_current_user when script owner is not in passwd with ZTS build).69121(Segfault when calling ob_start from output buffering callback).65593(Fail to push to the empty array with the constant value defined in class scope).69017(pointer returned by php_stream_fopen_temporary_file not validated in memory.c).68986(Exception with invalid character causes segv).68166(Missing arguments in reflection info for some builtin functions).69141(Use After Free Vulnerability in unserialize()). (CVE-2015-2787)68976CVE-2015-2787(Per Directory Values overrides PHP_INI_SYSTEM configuration options).69134(move_uploaded_file allows nulls in path). (CVE-2015-2348)69207CVE-2015-2348(php-cgi's getopt does not see $argv).69015(auto_prepend_file messes up __LINE__).67741(PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).69088Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.(heap overflow vulnerability in regcomp.c). (CVE-2015-2305)69248CVE-2015-2305(request time is reset too early).68822Fixed bug #64695 (JSON_NUMERIC_CHECK has issues with strings that are numbers plus the letter e).(Allowed memory size exhausted with odbc_exec).68964(Array numeric string as key).69125(switch(SOMECONSTANT) misbehaves).69038, [#68329](http://bugs.php.net/68329), [#68046](http://bugs.php.net/68046), [#41631](http://bugs.php.net/41631) (encrypted streams don't observe socket timeouts).61285(pg_update() fails to store infinite values).68638(Null dereference in readline_(read|write)_history() without parameters).69054(SoapClient's __call() type confusion through unserialize()). (CVE-2015-4147, CVE-2015-4148)69085CVE-2015-4147("Segmentation fault" when (de)serializing SplObjectStorage).69108(RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).68557(ZIP Integer Overflow leads to writing past heap boundary). (CVE-2015-2331)69253CVE-2015-2331