Fix #77231 Segfault when using convert.quoted-printable-encode filter

Fix #77020 null pointer dereference in imap_mail CVE-2018-19935
Fix #77153 imap_open allows to run arbitrary shell commands via mailbox parameter CVE-2018-19158

1 files changed, 16 insertions, 2 deletions

diff --git a/php55.spec b/php55.spec
index b9e09b3..272b1d6 100644
--- a/php55.spec
+++ b/php55.spec
@@ -141,7 +141,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.5.38
-Release: 9%{?dist}
+Release: 10%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -260,6 +260,9 @@ Patch154: bug69090.patch
 Patch155: bug73549.patch
 Patch156: bug75981.patch
 Patch157: bug76582.patch
+Patch158: bug77153.patch
+Patch159: bug77020.patch
+Patch160: bug77231.patch
 
 # Security fixes (200+)
 
@@ -1082,7 +1085,10 @@ rm -rf ext/json
 %patch154 -p1 -b .bug69090
 %patch155 -p1 -b .bug73549
 %patch156 -p1 -b .bug75981
-%patch157 -p1 -b .bug75981
+%patch157 -p1 -b .bug76582
+%patch158 -p1 -b .bug77153
+%patch159 -p1 -b .bug77020
+%patch160 -p1 -b .bug77231
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
@@ -2107,6 +2113,14 @@ EOF
 
 
 %changelog
+* Mon Dec 10 2018 Remi Collet <remi@remirepo.net> - 5.5.38-10
+- Fix #77231 Segfault when using convert.quoted-printable-encode filter
+- Fix #77020 null pointer dereference in imap_mail
+  CVE-2018-19935
+- Fix #77153 imap_open allows to run arbitrary shell commands via
+  mailbox parameter
+  CVE-2018-19158
+
 * Fri Sep 14 2018 Remi Collet <remi@remirepo.net> - 5.5.38-9
 - fix #76582: XSS due to the header Transfer-Encoding: chunked