From 05daae53dc5973acafcaf058685d3766c8505d63 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 30 Jul 2019 12:13:26 +0200 Subject: - exif: Fix #78256 heap-buffer-overflow on exif_process_user_comment CVE-2019-11042 Fix #78222 heap-buffer-overflow on exif_scan_thumbnail CVE-2019-11041 - phar: Fix #77919 Potential UAF in Phar RSHUTDOWN --- php70.spec | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'php70.spec') diff --git a/php70.spec b/php70.spec index deff63a..1b97cd0 100644 --- a/php70.spec +++ b/php70.spec @@ -114,7 +114,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 11%{?dist} +Release: 12%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -195,6 +195,9 @@ Patch218: php-bug77950.patch Patch219: php-bug78069.patch Patch220: php-bug77988.patch Patch221: php-bug77967.patch +Patch222: php-bug78222.patch +Patch223: php-bug78256.patch +Patch224: php-bug77919.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1070,6 +1073,9 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi %patch219 -p1 -b .bug78069 %patch220 -p1 -b .bug77988 %patch221 -p1 -b .bug77967 +%patch222 -p1 -b .bug78222 +%patch223 -p1 -b .bug78256 +%patch224 -p1 -b .bug77919 # Fixes for tests %if 0%{?fedora} >= 21 || 0%{?rhel} >= 5 @@ -2104,7 +2110,16 @@ fi %changelog -* Tue Jul 2 2019 Remi Collet - 7.1.30-3 +* Tue Jul 30 2019 Remi Collet - 7.0.33-12 +- exif: + Fix #78256 heap-buffer-overflow on exif_process_user_comment + CVE-2019-11042 + Fix #78222 heap-buffer-overflow on exif_scan_thumbnail + CVE-2019-11041 +- phar: + Fix #77919 Potential UAF in Phar RSHUTDOWN + +* Tue Jul 2 2019 Remi Collet - 7.0.33-11 - use oracle client library version 19.3 - disable opcache.huge_code_pages in default configuration -- cgit