Diffstat (limited to 'php.spec')
-rw-r--r-- php.spec 28
1 files changed, 26 insertions, 2 deletions
diff --git a/php.spec b/php.spec
index b32962f..81f8257 100644
--- a/php.spec
+++ b/php.spec
@@ -119,7 +119,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: 5.4.45
-Release: 13%{?dist}
+Release: 14%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -245,6 +245,12 @@ Patch261: bug73737.patch
Patch262: bug73764.patch
Patch263: bug73768.patch
Patch264: bug73773.patch
+Patch265: bug73549.patch
+Patch266: bug73868.patch
+Patch267: bug73869.patch
+Patch268: bug74435.patch
+Patch269: bug75571.patch
+Patch270: bug75981.patch
# Fixes for tests (300+)
# Backported from 5.5
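Review bot: The new Patch265 to Patch270 lines carry only bug numbers, so the CVE each one addresses can be found only by cross-reading %changelog. A short comment beside the relevant entries, for example `# CVE-2016-10167` next to `Patch266: bug73868.patch`, would keep that mapping with the patch declaration and make a later audit for a given CVE a single search in the spec. Each of the six does have a matching `%patchNNN -p1` line in the %prep hunk, so nothing is declared without being applied.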
@@ -947,6 +953,12 @@ support for using the enchant library to PHP.
%patch262 -p1 -b .bug73764
%patch263 -p1 -b .bug73768
%patch264 -p1 -b .bug73773
+%patch265 -p1 -b .bug73549
+%patch266 -p1 -b .bug73868
+%patch267 -p1 -b .bug73869
+%patch268 -p1 -b .bug74435
+%patch269 -p1 -b .bug75571
+%patch270 -p1 -b .bug75981
: ------------------------
#exit 1
@@ -1616,7 +1628,7 @@ cat << EOF
backported from 5.5 or 5.6,
The UPGRADE to a maintained version is very strongly RECOMMENDED.
-%if %{?fedora}%{!?fedora:99} < 24
+%if %{?fedora}%{!?fedora:99} < 26
WARNING : Fedora %{fedora} is now EOL :
You should consider upgrading to a supported release
%endif
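Review bot: The EOL threshold in `%if %{?fedora}%{!?fedora:99} < 26` is a hard-coded literal that has to be raised by hand, and this bump from 24 to 26 is not mentioned in the 5.4.45-14 changelog entry. Consider defining the oldest supported Fedora release once as a macro near the top of the spec and comparing against that, so the warning does not silently go stale between rebuilds, and add a changelog line for the change since it alters what users see at install time.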
@@ -1784,6 +1796,18 @@ EOF
%changelog
+* Thu Mar 1 2018 Remi Collet <remi@remirepo.net> - 5.4.45-14
+- fix #73549: Use after free when stream is passed to imagepng
+- fix #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
+ CVE-2016-10167
+- fix #73869: Signed Integer Overflow gd_io.c
+ CVE-2016-10168
+- fix #74435: Buffer over-read into uninitialized memory
+ CVE-2017-7890
+- fix #75571: Potential infinite loop in gdImageCreateFromGifCtx
+ CVE-2018-5711
+- fix #75981: stack-buffer-overflow while parsing HTTP response
+
* Sat Feb 18 2017 Remi Collet <remi@remirepo.net> - 5.4.45-13
- fix #73737: FPE when parsing a tag format
CVE-2016-10158
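Review bot: In the new 5.4.45-14 entry, the lines for #73549 (use after free in imagepng) and #75981 (stack-buffer-overflow while parsing HTTP response) have no CVE line, while the other four fixes do. Both describe memory-safety bugs, so if identifiers have been assigned they should be listed in the same way, which keeps `rpm -q --changelog` usable for checking whether a given CVE is fixed in the installed build; if none are assigned, the entry is fine as it stands.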