From aa7fdad894779a9af589ccdab7cdf657100ef4b7 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Mon, 10 Dec 2018 17:28:25 +0100
Subject: Fix #77231 Segfault when using convert.quoted-printable-encode filter Fix #77020 null pointer dereference in imap_mail CVE-2018-19935 Fix #77153 imap_open allows to run arbitrary shell commands via mailbox parameter CVE-2018-19158
---
 php.spec | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
(limited to 'php.spec')
diff --git a/php.spec b/php.spec
index b072c74..47fc910 100644
--- a/php.spec
+++ b/php.spec
@@ -140,7 +140,7 @@ Summary: PHP scripting language for creating dynamic web sites
 Name: %{?scl_prefix}php
 Version: 5.5.38
-Release: 9%{?dist}
+Release: 10%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -250,6 +250,9 @@ Patch154: bug69090.patch
 Patch155: bug73549.patch
 Patch156: bug75981.patch
 Patch157: bug76582.patch
+Patch158: bug77153.patch
+Patch159: bug77020.patch
+Patch160: bug77231.patch
 # Security fixes (200+)
@@ -999,7 +1002,11 @@ support for using the enchant library to PHP.
 %patch154 -p1 -b .bug69090
 %patch155 -p1 -b .bug73549
 %patch156 -p1 -b .bug75981
-%patch157 -p1 -b .bug75981
+%patch157 -p1 -b .bug76582
+%patch158 -p1 -b .bug77153
+%patch159 -p1 -b .bug77020
+%patch160 -p1 -b .bug77231
+ : ------------------------
 # Fixes for tests
@@ -1911,6 +1918,14 @@ EOF
 %changelog
+* Mon Dec 10 2018 Remi Collet - 5.5.38-10
+- Fix #77231 Segfault when using convert.quoted-printable-encode filter
+- Fix #77020 null pointer dereference in imap_mail
+ CVE-2018-19935
+- Fix #77153 imap_open allows to run arbitrary shell commands via
+ mailbox parameter
+ CVE-2018-19158
+
 * Fri Sep 14 2018 Remi Collet - 5.5.38-9
 - fix #76582: XSS due to the header Transfer-Encoding: chunked
-- cgit
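Review bot: `Patch158: bug77153.patch` and `Patch159: bug77020.patch` in the second hunk (`@@ -250,6 +250,9 @@`) carry no marker that they are CVE fixes, although the changelog added by this commit ties them to CVE-2018-19158 and CVE-2018-19935. I would put a one-line comment above each entry, e.g. `# CVE-2018-19935` above Patch159, so an auditor can map CVE to patch file without reading the changelog. Before copying the id for #77153 into such a comment, check it against the upstream bug report, since the digits as written here look like they may be transposed. Both entries sit in the 1xx range directly above the `# Security fixes (200+)` marker; Patch157 (an XSS fix) is placed the same way, so this may be deliberate, but the numbering convention is not visible in this hunk.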
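Review bot: Nothing next to `%patch158 -p1 -b .bug77153` in the third hunk (`@@ -999,7 +1002,11 @@`) says whether the imap_open fix changes runtime behaviour, which administrators need to know before deploying the update. The patch file itself is not part of this diff; if it follows the upstream fix, rsh/ssh use by imap_open becomes opt-in through the `imap.enable_insecure_rsh` ini setting. Once confirmed against the patch, I would record that beside the patch line, e.g. `# rsh/ssh in imap_open now requires imap.enable_insecure_rsh=1`, and in the changelog entry. The same hunk also corrects the `%patch157` backup suffix to `.bug76582`; that is unrelated to the three fixes and deserves a line in the commit message.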