From c2b4eb1f86750d392027119f1a8d33bceca2fd64 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Wed, 9 Nov 2016 18:12:33 +0100
Subject: PHP 5.5.38 with minor security fix from 5.6.28

---
 bug73418.patch | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 bug73418.patch

(limited to 'bug73418.patch')

diff --git a/bug73418.patch b/bug73418.patch
new file mode 100644
index 0000000..d85e4a6
--- /dev/null
+++ b/bug73418.patch
@@ -0,0 +1,26 @@
+Backported from 5.6.28 by Remi.
+
+
+From b823b14e374251ad6ab437a9631e4b010ca09b68 Mon Sep 17 00:00:00 2001
+From: Anatol Belski <ab@php.net>
+Date: Thu, 3 Nov 2016 17:03:23 +0100
+Subject: [PATCH] Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads
+ to crash
+
+---
+ ext/imap/php_imap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
+index 564473b..6c392fb 100644
+--- a/ext/imap/php_imap.c
++++ b/ext/imap/php_imap.c
+@@ -3894,7 +3898,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
+ 	char *tsm_errmsg = NULL;
+ 	ADDRESS *addr;
+ 	char *bufferTo = NULL, *bufferCc = NULL, *bufferBcc = NULL, *bufferHeader = NULL;
+-	int offset, bufferLen = 0;
++	size_t offset, bufferLen = 0;
+ 	size_t bt_len;
+ 
+ 	if (headers) {
-- 
cgit