From 3eac2688eee6178bdc64ec63db156efd8c1c7444 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 28 Aug 2019 14:39:59 +0200 Subject: From 7.1.32 - mbstring: Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe - pcre: Fix #75457 heap use-after-free in pcrelib --- php.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'php.spec') diff --git a/php.spec b/php.spec index 29fa21c..5f07455 100644 --- a/php.spec +++ b/php.spec @@ -137,7 +137,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 12%{?dist} +Release: 13%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -227,6 +227,8 @@ Patch221: php-bug77967.patch Patch222: php-bug78222.patch Patch223: php-bug78256.patch Patch224: php-bug77919.patch +Patch225: php-bug75457.patch +Patch226: php-bug78380.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -993,6 +995,8 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in %patch222 -p1 -b .bug78222 %patch223 -p1 -b .bug78256 %patch224 -p1 -b .bug77919 +%patch225 -p1 -b .bug75457 +%patch226 -p1 -b .bug78380 : --------------------------- #exit 1 @@ -1945,6 +1949,12 @@ EOF %changelog +* Wed Aug 28 2019 Remi Collet - 7.0.33-13 +- mbstring: + Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe +- pcre: + Fix #75457 heap use-after-free in pcrelib + * Tue Jul 30 2019 Remi Collet - 7.0.33-12 - exif: Fix #78256 heap-buffer-overflow on exif_process_user_comment -- cgit