From 03cb94d7835b8548cd35966c0cf3e10e48808f87 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 1 Mar 2018 09:50:30 +0100 Subject: fix #73549: Use after free when stream is passed to imagepng fix #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 fix #73869: Signed Integer Overflow gd_io.c CVE-2016-10168 fix #74435: Buffer over-read into uninitialized memory CVE-2017-7890 fix #75571: Potential infinite loop in gdImageCreateFromGifCtx CVE-2018-5711 fix #75981: stack-buffer-overflow while parsing HTTP response --- php.spec | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'php.spec') diff --git a/php.spec b/php.spec index b32962f..81f8257 100644 --- a/php.spec +++ b/php.spec @@ -119,7 +119,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: 5.4.45 -Release: 13%{?dist} +Release: 14%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -245,6 +245,12 @@ Patch261: bug73737.patch Patch262: bug73764.patch Patch263: bug73768.patch Patch264: bug73773.patch +Patch265: bug73549.patch +Patch266: bug73868.patch +Patch267: bug73869.patch +Patch268: bug74435.patch +Patch269: bug75571.patch +Patch270: bug75981.patch # Fixes for tests (300+) # Backported from 5.5 @@ -947,6 +953,12 @@ support for using the enchant library to PHP. %patch262 -p1 -b .bug73764 %patch263 -p1 -b .bug73768 %patch264 -p1 -b .bug73773 +%patch265 -p1 -b .bug73549 +%patch266 -p1 -b .bug73868 +%patch267 -p1 -b .bug73869 +%patch268 -p1 -b .bug74435 +%patch269 -p1 -b .bug75571 +%patch270 -p1 -b .bug75981 : ------------------------ #exit 1 
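Review bot: The new `Patch265`–`Patch270` declarations, and the matching `%patch265 -p1 -b .bug73549` … `%patch270 -p1 -b .bug75981` lines in the following hunk, do not say which of them are security backports; that mapping exists only in the commit message and `%changelog`. A one-line comment above the relevant entries, e.g. `# CVE-2016-10167` before `Patch266: bug73868.patch`, would let someone auditing the spec tie each patch file to its advisory without reading history. The neighbouring `Patch261`–`Patch264` lines visible as context carry no such comments either, so this would be a new convention for the block. The patch files themselves are not shown on this page (the view is limited to php.spec), so their content has to be checked against the upstream fixes separately.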
@@ -1616,7 +1628,7 @@ cat << EOF backported from 5.5 or 5.6, The UPGRADE to a maintained version is very strongly RECOMMENDED. -%if %{?fedora}%{!?fedora:99} < 24 +%if %{?fedora}%{!?fedora:99} < 26 WARNING : Fedora %{fedora} is now EOL : You should consider upgrading to a supported release %endif @@ -1784,6 +1796,18 @@ EOF %changelog +* Thu Mar 1 2018 Remi Collet - 5.4.45-14 +- fix #73549: Use after free when stream is passed to imagepng +- fix #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx() + CVE-2016-10167 +- fix #73869: Signed Integer Overflow gd_io.c + CVE-2016-10168 +- fix #74435: Buffer over-read into uninitialized memory + CVE-2017-7890 +- fix #75571: Potential infinite loop in gdImageCreateFromGifCtx + CVE-2018-5711 +- fix #75981: stack-buffer-overflow while parsing HTTP response + * Sat Feb 18 2017 Remi Collet - 5.4.45-13 - fix #73737: FPE when parsing a tag format CVE-2016-10158 -- cgit
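Review bot: The cutoff change to `%if %{?fedora}%{!?fedora:99} < 26` alters which Fedora releases get the end-of-life warning, but the `%changelog` entry added for 5.4.45-14 lists only the six bug fixes. A line such as `- warn about EOL for Fedora < 26` would record it alongside them. The enclosing `cat << EOF` block begins outside this hunk, so where this text is displayed cannot be confirmed from here.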