summaryrefslogtreecommitdiffstats
path: root/php54.spec
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2016-05-29 09:34:18 +0200
committerRemi Collet <fedora@famillecollet.com>2016-05-29 09:34:18 +0200
commit003b71973f17c66ab9544546f693f290dbfa300e (patch)
tree75b71e51c9b28406c3353f1e49b15a91692ce396 /php54.spec
parent47446838b70413bf7cc52f145c523b56a80602b3 (diff)
PHP 5.4.45 + security fix from 5.5.36
Diffstat (limited to 'php54.spec')
-rw-r--r--php54.spec23
1 files changed, 22 insertions, 1 deletions
diff --git a/php54.spec b/php54.spec
index 4e2fe94..d5982c5 100644
--- a/php54.spec
+++ b/php54.spec
@@ -98,7 +98,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: 5.4.45
-Release: 8%{?dist}
+Release: 9%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -183,6 +183,11 @@ Patch223: bug72061.patch
Patch224: bug72093.patch
Patch225: bug72094.patch
Patch226: bug72099.patch
+Patch227: bug71331.patch
+Patch228: bug72114.patch
+Patch229: bugoverflow.patch
+Patch230: bug72135.patch
+Patch231: bug72241.patch
# Fixes for tests
# no_NO issue
@@ -917,6 +922,11 @@ rm -f ext/json/utf8_to_utf16.*
%patch224 -p1 -b .bug72093
%patch225 -p1 -b .bug72094
%patch226 -p1 -b .bug72099
+%patch227 -p1 -b .bug71331
+%patch228 -p1 -b .bug72114
+%patch229 -p1 -b .bugoverflow
+%patch230 -p1 -b .bug72135
+%patch231 -p1 -b .bug72241
# Fixes for tests
%patch301 -p1 -b .datetests2
@@ -1806,6 +1816,17 @@ fi
%changelog
+* Sun May 29 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-9
+- Fix #71331: Uninitialized pointer in phar_make_dirstream
+ CVE-2016-4343
+- Fix #72114: int/size_t confusion in fread
+ CVE-2016-5096
+- Add check for string overflow to all string add operations
+- Fix #72135: don't create strings with lengths outside int range
+ CVE-2016-5094
+- Fix #72241: get_icu_value_internal out-of-bounds read
+ CVE-2016-5093
+
* Tue Apr 26 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-8
- Fix #64938: libxml_disable_entity_loader setting is shared between threads
CVE-2015-8866