summaryrefslogtreecommitdiffstats
path: root/php.spec
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2016-12-10 19:49:27 +0100
committerRemi Collet <fedora@famillecollet.com>2016-12-10 19:49:27 +0100
commit416726278c9629f0510ca672f60686df27563d3f (patch)
tree27cd02d3c1d5960fcf015cdd0d2cceeca776dbdc /php.spec
parentc2b4eb1f86750d392027119f1a8d33bceca2fd64 (diff)
PHP 5.5.38 with 1 minor security fix from 5.6.29
Diffstat (limited to 'php.spec')
-rw-r--r--php.spec13
1 files changed, 9 insertions, 4 deletions
diff --git a/php.spec b/php.spec
index e778cd4..51cb910 100644
--- a/php.spec
+++ b/php.spec
@@ -140,7 +140,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: 5.5.38
-Release: 5%{?dist}
+Release: 6%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -241,6 +241,7 @@ Patch145: bug73331.patch
Patch146: bug73144.patch
Patch147: bug73418.patch
Patch148: bug73356.patch
+Patch149: bug73631.patch
# Security fixes (200+)
@@ -982,6 +983,7 @@ support for using the enchant library to PHP.
%patch146 -p1 -b .bug73144
%patch147 -p1 -b .bug73418
%patch148 -p1 -b .bug73356
+%patch149 -p1 -b .bug73631
: ------------------------
# Fixes for tests
@@ -1887,16 +1889,20 @@ EOF
%changelog
-* Wed Nov 9 2016 Remi Collet <remi@remirepo.net> 5.5.38-5
+* Sat Dec 10 2016 Remi Collet <remi@remirepo.net> - 5.5.38-6
+- fix #73631: Invalid read when wddx decodes empty boolean element
+
+* Wed Nov 9 2016 Remi Collet <remi@remirepo.net> - 5.5.38-5
- fix #73418: Integer Overflow in "_php_imap_mail" leads Heap Overflow
- fix #73144: Use-after-free in ArrayObject Deserialization
- fix #73356: crash in bzcompress function
- fix #73331: NULL Pointer Deref. in WDDX Packet Deserialization with PDORow
-* Sat Oct 15 2016 Remi Collet <remi@remirepo.net> 5.5.38-4
+* Sat Oct 15 2016 Remi Collet <remi@remirepo.net> - 5.5.38-4
- fix #73189: Memcpy negative size parameter php_resolve_path
- fix #72581: previous property undefined in Exception after deserialization
- fix #73147: Use After Free in unserialize
+ CVE-2016-9137
- fix #73190: memcpy negative parameter _bc_new_num_ex
- fix #73150: missing NULL check in dom_document_save_html
- fix #73284: heap overflow in php_ereg_replace function
@@ -1906,7 +1912,6 @@ EOF
- fix #73082: string length overflow in mb_encode_* function
- fix #73174: heap overflow in php_pcre_replace_impl
- fix #73275: crash in openssl_encrypt function
-- fix #73275: crash in openssl_encrypt function
- fix #73293: NULL pointer dereference in SimpleXMLElement::asXML
- fix #73240: Write out of bounds at number_format
- fix #73017: memory corruption in wordwrap function