Fix #77231 Segfault when using convert.quoted-printable-encode filter

Fix #77020 null pointer dereference in imap_mail CVE-2018-19935
Fix #77153 imap_open allows to run arbitrary shell commands via mailbox parameter CVE-2018-19158

1 files changed, 16 insertions, 1 deletions

diff --git a/php54.spec b/php54.spec
index 815597f..b0bb171 100644
--- a/php54.spec
+++ b/php54.spec
@@ -27,6 +27,7 @@
 %ifarch ppc ppc64
 %global oraclever 10.2.0.2
 %else
+# See exclude line in mock configuration
 %global oraclever 12.1
 %endif
 
@@ -98,7 +99,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.4.45
-Release: 15%{?dist}
+Release: 16%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -229,6 +230,9 @@ Patch268: bug74435.patch
 Patch269: bug75571.patch
 Patch270: bug75981.patch
 Patch271: bug76582.patch
+Patch272: bug77153.patch
+Patch273: bug77020.patch
+Patch274: bug77231.patch
 
 # Fixes for tests
 # no_NO issue
@@ -1008,6 +1012,9 @@ rm -f ext/json/utf8_to_utf16.*
 %patch269 -p1 -b .bug75571
 %patch270 -p1 -b .bug75981
 %patch271 -p1 -b .bug76582
+%patch272 -p1 -b .bug77153
+%patch273 -p1 -b .bug77020
+%patch274 -p1 -b .bug77231
 
 # Fixes for tests
 %patch301 -p1 -b .datetests2
@@ -1894,6 +1901,14 @@ fi
 
 
 %changelog
+* Mon Dec 10 2018 Remi Collet <remi@remirepo.net> - 5.4.45-16
+- Fix #77231 Segfault when using convert.quoted-printable-encode filter
+- Fix #77020 null pointer dereference in imap_mail
+  CVE-2018-19935
+- Fix #77153 imap_open allows to run arbitrary shell commands via
+  mailbox parameter
+  CVE-2018-19158
+
 * Fri Sep 14 2018 Remi Collet <remi@remirepo.net> - 5.4.45-15
 - fix #76582: XSS due to the header Transfer-Encoding: chunked