From 14af75a3038eff8af244db294486a1561729233c Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 10 Dec 2018 17:11:36 +0100 Subject: Fix #77231 Segfault when using convert.quoted-printable-encode filter Fix #77020 null pointer dereference in imap_mail CVE-2018-19935 Fix #77153 imap_open allows to run arbitrary shell commands via mailbox parameter CVE-2018-19158 --- php54.spec | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'php54.spec') diff --git a/php54.spec b/php54.spec index 815597f..b0bb171 100644 --- a/php54.spec +++ b/php54.spec @@ -27,6 +27,7 @@ %ifarch ppc ppc64 %global oraclever 10.2.0.2 %else +# See exclude line in mock configuration %global oraclever 12.1 %endif @@ -98,7 +99,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.4.45 -Release: 15%{?dist} +Release: 16%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -229,6 +230,9 @@ Patch268: bug74435.patch Patch269: bug75571.patch Patch270: bug75981.patch Patch271: bug76582.patch +Patch272: bug77153.patch +Patch273: bug77020.patch +Patch274: bug77231.patch # Fixes for tests # no_NO issue @@ -1008,6 +1012,9 @@ rm -f ext/json/utf8_to_utf16.* %patch269 -p1 -b .bug75571 %patch270 -p1 -b .bug75981 %patch271 -p1 -b .bug76582 +%patch272 -p1 -b .bug77153 +%patch273 -p1 -b .bug77020 +%patch274 -p1 -b .bug77231 # Fixes for tests %patch301 -p1 -b .datetests2 @@ -1894,6 +1901,14 @@ fi %changelog +* Mon Dec 10 2018 Remi Collet - 5.4.45-16 +- Fix #77231 Segfault when using convert.quoted-printable-encode filter +- Fix #77020 null pointer dereference in imap_mail + CVE-2018-19935 +- Fix #77153 imap_open allows to run arbitrary shell commands via + mailbox parameter + CVE-2018-19158 + * Fri Sep 14 2018 Remi Collet - 5.4.45-15 - fix #76582: XSS due to the header Transfer-Encoding: chunked -- cgit