summaryrefslogtreecommitdiffstats
path: root/php54.spec
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2018-03-01 10:08:47 +0100
committerRemi Collet <remi@remirepo.net>2018-03-01 10:08:47 +0100
commit6a75ec7b86fc3f19b758a0e6525e9df7eb87a9f9 (patch)
tree3063e2862ede5cb869233359d021731e3b156e90 /php54.spec
parentf6bab89b5b2345cac08d761e2fd93f7d18da8aea (diff)
fix #73549: Use after free when stream is passed to imagepng
fix #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 fix #73869: Signed Integer Overflow gd_io.c CVE-2016-10168 fix #74435: Buffer over-read into uninitialized memory CVE-2017-7890 fix #75571: Potential infinite loop in gdImageCreateFromGifCtx CVE-2018-5711 fix #75981: stack-buffer-overflow while parsing HTTP response
Diffstat (limited to 'php54.spec')
-rw-r--r--php54.spec28
1 files changed, 26 insertions, 2 deletions
diff --git a/php54.spec b/php54.spec
index 4f653e0..f85cacf 100644
--- a/php54.spec
+++ b/php54.spec
@@ -98,7 +98,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: 5.4.45
-Release: 13%{?dist}
+Release: 14%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -222,6 +222,12 @@ Patch261: bug73737.patch
Patch262: bug73764.patch
Patch263: bug73768.patch
Patch264: bug73773.patch
+Patch265: bug73549.patch
+Patch266: bug73868.patch
+Patch267: bug73869.patch
+Patch268: bug74435.patch
+Patch269: bug75571.patch
+Patch270: bug75981.patch
# Fixes for tests
# no_NO issue
@@ -994,6 +1000,12 @@ rm -f ext/json/utf8_to_utf16.*
%patch262 -p1 -b .bug73764
%patch263 -p1 -b .bug73768
%patch264 -p1 -b .bug73773
+%patch265 -p1 -b .bug73549
+%patch266 -p1 -b .bug73868
+%patch267 -p1 -b .bug73869
+%patch268 -p1 -b .bug74435
+%patch269 -p1 -b .bug75571
+%patch270 -p1 -b .bug75981
# Fixes for tests
%patch301 -p1 -b .datetests2
@@ -1659,7 +1671,7 @@ cat << EOF
backported from 5.5 or 5.6,
The UPGRADE to a maintained version is very strongly RECOMMENDED.
-%if %{?fedora}%{!?fedora:99} < 24
+%if %{?fedora}%{!?fedora:99} < 26
WARNING : Fedora %{fedora} is now EOL :
You should consider upgrading to a supported release
%endif
@@ -1880,6 +1892,18 @@ fi
%changelog
+* Thu Mar 1 2018 Remi Collet <remi@remirepo.net> - 5.4.45-14
+- fix #73549: Use after free when stream is passed to imagepng
+- fix #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
+ CVE-2016-10167
+- fix #73869: Signed Integer Overflow gd_io.c
+ CVE-2016-10168
+- fix #74435: Buffer over-read into uninitialized memory
+ CVE-2017-7890
+- fix #75571: Potential infinite loop in gdImageCreateFromGifCtx
+ CVE-2018-5711
+- fix #75981: stack-buffer-overflow while parsing HTTP response
+
* Sat Feb 18 2017 Remi Collet <remi@remirepo.net> - 5.4.45-13
- fix #73737: FPE when parsing a tag format
CVE-2016-10158