summaryrefslogtreecommitdiffstats
path: root/php.spec
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2018-12-10 17:28:25 +0100
committerRemi Collet <remi@remirepo.net>2018-12-10 17:28:25 +0100
commitaa7fdad894779a9af589ccdab7cdf657100ef4b7 (patch)
treebcd17fefd6d476f0640308ffdaa3f1e479c7b113 /php.spec
parent99319aad1dc33330fd682dde3e7f0388f9c41b86 (diff)
Fix #77231 Segfault when using convert.quoted-printable-encode filter
Fix #77020 null pointer dereference in imap_mail CVE-2018-19935 Fix #77153 imap_open allows to run arbitrary shell commands via mailbox parameter CVE-2018-19158
Diffstat (limited to 'php.spec')
-rw-r--r--php.spec19
1 files changed, 17 insertions, 2 deletions
diff --git a/php.spec b/php.spec
index b072c74..47fc910 100644
--- a/php.spec
+++ b/php.spec
@@ -140,7 +140,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: 5.5.38
-Release: 9%{?dist}
+Release: 10%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -250,6 +250,9 @@ Patch154: bug69090.patch
Patch155: bug73549.patch
Patch156: bug75981.patch
Patch157: bug76582.patch
+Patch158: bug77153.patch
+Patch159: bug77020.patch
+Patch160: bug77231.patch
# Security fixes (200+)
@@ -999,7 +1002,11 @@ support for using the enchant library to PHP.
%patch154 -p1 -b .bug69090
%patch155 -p1 -b .bug73549
%patch156 -p1 -b .bug75981
-%patch157 -p1 -b .bug75981
+%patch157 -p1 -b .bug76582
+%patch158 -p1 -b .bug77153
+%patch159 -p1 -b .bug77020
+%patch160 -p1 -b .bug77231
+
: ------------------------
# Fixes for tests
@@ -1911,6 +1918,14 @@ EOF
%changelog
+* Mon Dec 10 2018 Remi Collet <remi@remirepo.net> - 5.5.38-10
+- Fix #77231 Segfault when using convert.quoted-printable-encode filter
+- Fix #77020 null pointer dereference in imap_mail
+ CVE-2018-19935
+- Fix #77153 imap_open allows to run arbitrary shell commands via
+ mailbox parameter
+ CVE-2018-19158
+
* Fri Sep 14 2018 Remi Collet <remi@remirepo.net> - 5.5.38-9
- fix #76582: XSS due to the header Transfer-Encoding: chunked