From e2958a432947f16a89f196171a572abc1c506154 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 23 Jun 2016 15:53:37 +0200 Subject: PHP 5.4.45 with security fix from 5.5.37 --- php54.spec | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) (limited to 'php54.spec') diff --git a/php54.spec b/php54.spec index d5982c5..ba036b9 100644 --- a/php54.spec +++ b/php54.spec @@ -98,7 +98,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.4.45 -Release: 9%{?dist} +Release: 10%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -188,6 +188,18 @@ Patch228: bug72114.patch Patch229: bugoverflow.patch Patch230: bug72135.patch Patch231: bug72241.patch +Patch232: bug66387.patch +Patch233: bug72340.patch +Patch234: bug72275.patch +# For #72400, #72403, #72268 +Patch235: bug72400.patch +Patch236: bug72339.patch +Patch237: bug72298.patch +Patch238: bug72402.patch +Patch239: bug72433.patch +Patch240: bug72434.patch +Patch241: bug72455.patch +Patch242: bug72446.patch # Fixes for tests # no_NO issue @@ -927,6 +939,17 @@ rm -f ext/json/utf8_to_utf16.* %patch229 -p1 -b .bugoverflow %patch230 -p1 -b .bug72135 %patch231 -p1 -b .bug72241 +%patch232 -p1 -b .bug66387 +%patch233 -p1 -b .bug72340 +%patch234 -p1 -b .bug72275 +%patch235 -p1 -b .bug72400 +%patch236 -p1 -b .bug72339 +%patch237 -p1 -b .bug72298 +%patch238 -p1 -b .bug72402 +%patch239 -p1 -b .bug72433 +%patch240 -p1 -b .bug72434 +%patch241 -p1 -b .bug72455 +%patch242 -p1 -b .bug72446 # Fixes for tests %patch301 -p1 -b .datetests2 @@ -1816,6 +1839,28 @@ fi %changelog +* Tue Jun 21 2016 Remi Collet 5.4.45-10 +- Fix #66387: Stack overflow with imagefilltoborder +- Fix #72340: Double Free Courruption in wddx_deserialize + CVE-2016-5772 +- Fix #72275: don't allow smart_str to overflow int +- Fix #72400: prevent signed int overflows for string lengths +- Fix #72403: prevent signed int overflows for string lengths +- Fix #72268: Integer Overflow in nl2br(). (Stas) +- Fix #72339: Integer Overflow in _gd2GetHeader() resulting in heap overflow + CVE-2016-5766 +- Fix #72298: pass2_no_dither out-of-bounds access +- Fix #72402: _php_mb_regex_ereg_replace_exec - double free + CVE-2016-5768 +- Fix #72433: SPL use After Free Vulnerability in PHP's GC + CVE-2016-5771 +- Fix #72434: ZipArchive class use After Free Vulnerability in PHP's GC + CVE-2016-5773 +- Fix #72455: Heap Overflow due to integer overflows + CVE-2016-5769 +- Fix #72446: Integer Overflow in gdImagePaletteToTrueColor() + CVE-2016-5767 + * Sun May 29 2016 Remi Collet 5.4.45-9 - Fix #71331: Uninitialized pointer in phar_make_dirstream CVE-2016-4343 -- cgit