diff options
author | Remi Collet <remi@remirepo.net> | 2018-03-01 10:42:24 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2018-03-01 10:42:24 +0100 |
commit | 10f4882e2ed191ffac0cc5e243b9ad32478c36c8 (patch) | |
tree | 16453d56779010c69011a205a0d8c25240d77df9 /php.spec | |
parent | 0e26c7b3a2d48b2fe256b8b7074b02218cfd46c1 (diff) |
fix #73549: Use after free when stream is passed to imagepng
fix #75981: stack-buffer-overflow while parsing HTTP response
Diffstat (limited to 'php.spec')
-rw-r--r-- | php.spec | 22 |
1 files changed, 18 insertions, 4 deletions
@@ -140,7 +140,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: 5.5.38 -Release: 7%{?dist} +Release: 8%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -247,6 +247,8 @@ Patch151: bug73764.patch Patch152: bug73768.patch Patch153: bug73773.patch Patch154: bug69090.patch +Patch155: bug73549.patch +Patch156: bug75981.patch # Security fixes (200+) @@ -994,6 +996,8 @@ support for using the enchant library to PHP. %patch152 -p1 -b .bug73768 %patch153 -p1 -b .bug73773 %patch154 -p1 -b .bug69090 +%patch155 -p1 -b .bug73549 +%patch156 -p1 -b .bug75981 : ------------------------ # Fixes for tests @@ -1725,11 +1729,17 @@ fi %posttrans common cat << EOF +========================================================================== -WARNING : PHP 5.5 have reached its "End of Life" in July 2016. -Even, if this package includes some security fix, backported from 5.6, -The upgrade to a maintained version is very strongly recommended. + WARNING : PHP 5.5 have reached its "End of Life" in July 2016. + Even, if this package includes some security fix, backported from 5.6, + The UPGRADE to a maintained version is very strongly RECOMMENDED. +%if %{?fedora}%{!?fedora:99} < 26 + WARNING : Fedora %{fedora} is now EOL : + You should consider upgrading to a supported release +%endif +========================================================================== EOF @@ -1899,6 +1909,10 @@ EOF %changelog +* Thu Mar 1 2018 Remi Collet <remi@remirepo.net> - 5.5.38-8 +- fix #73549: Use after free when stream is passed to imagepng +- fix #75981: stack-buffer-overflow while parsing HTTP response + * Sat Feb 18 2017 Remi Collet <remi@remirepo.net> - 5.5.38-7 - fix #73737: FPE when parsing a tag format CVE-2016-10158 |