From 6a75ec7b86fc3f19b758a0e6525e9df7eb87a9f9 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 1 Mar 2018 10:08:47 +0100
Subject: fix #73549: Use after free when stream is passed to imagepng fix
 #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 fix
 #73869: Signed Integer Overflow gd_io.c CVE-2016-10168 fix #74435: Buffer
 over-read into uninitialized memory CVE-2017-7890 fix #75571: Potential
 infinite loop in gdImageCreateFromGifCtx CVE-2018-5711 fix #75981:
 stack-buffer-overflow while parsing HTTP response

---
 php54.spec | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

(limited to 'php54.spec')

diff --git a/php54.spec b/php54.spec
index 4f653e0..f85cacf 100644
--- a/php54.spec
+++ b/php54.spec
@@ -98,7 +98,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.4.45
-Release: 13%{?dist}
+Release: 14%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -222,6 +222,12 @@ Patch261: bug73737.patch
 Patch262: bug73764.patch
 Patch263: bug73768.patch
 Patch264: bug73773.patch
+Patch265: bug73549.patch
+Patch266: bug73868.patch
+Patch267: bug73869.patch
+Patch268: bug74435.patch
+Patch269: bug75571.patch
+Patch270: bug75981.patch
 
 # Fixes for tests
 # no_NO issue
@@ -994,6 +1000,12 @@ rm -f ext/json/utf8_to_utf16.*
 %patch262 -p1 -b .bug73764
 %patch263 -p1 -b .bug73768
 %patch264 -p1 -b .bug73773
+%patch265 -p1 -b .bug73549
+%patch266 -p1 -b .bug73868
+%patch267 -p1 -b .bug73869
+%patch268 -p1 -b .bug74435
+%patch269 -p1 -b .bug75571
+%patch270 -p1 -b .bug75981
 
 # Fixes for tests
 %patch301 -p1 -b .datetests2
@@ -1659,7 +1671,7 @@ cat << EOF
  backported from 5.5 or 5.6,
  The UPGRADE to a maintained version is very strongly RECOMMENDED.
 
-%if %{?fedora}%{!?fedora:99} < 24
+%if %{?fedora}%{!?fedora:99} < 26
  WARNING : Fedora %{fedora} is now EOL :
  You should consider upgrading to a supported release
 %endif
@@ -1880,6 +1892,18 @@ fi
 
 
 %changelog
+* Thu Mar  1 2018 Remi Collet <remi@remirepo.net> - 5.4.45-14
+- fix #73549: Use after free when stream is passed to imagepng
+- fix #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
+  CVE-2016-10167
+- fix #73869: Signed Integer Overflow gd_io.c
+  CVE-2016-10168
+- fix #74435: Buffer over-read into uninitialized memory
+  CVE-2017-7890
+- fix #75571: Potential infinite loop in gdImageCreateFromGifCtx
+  CVE-2018-5711
+- fix #75981: stack-buffer-overflow while parsing HTTP response
+
 * Sat Feb 18 2017 Remi Collet <remi@remirepo.net> - 5.4.45-13
 - fix #73737: FPE when parsing a tag format
   CVE-2016-10158
-- 
cgit