/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-2688.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2012-2688.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Mon Dec 16 10:46:46 2013 UTC (10 years, 11 months ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-14_el5_sme, php-5_3_3-17_el5_sme, php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, HEAD
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme
- Resync with upstream php53, which include:
- add security fix for CVE-2013-6420
- add security fix for CVE-2013-4248
- add upstream reproducer for error_handler (#951075)
- add security fixes for CVE-2006-7243
- add security fixes for CVE-2012-2688, CVE-2012-0831,
  CVE-2011-1398, CVE-2013-1643
- fix segfault in error_handler with
  allow_call_time_pass_reference = Off (#951075)
- fix double free when destroy_zend_class fails (#951076)
- fix possible buffer overflow in pdo_odbc (#869694)
- php script hangs when it exceeds max_execution_time
  when inside an ODBC call (#864954)
- fix zend garbage collector (#892695)
- fix transposed memset arguments in libzip (#953818)
- fix possible segfault in pdo_mysql (#869693)
- fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859369)
- fix stream support in fileinfo (#869697)
- fix setDate when DateTime created from timestamp (#869691)
- fix permission on source files (#869688)
- add php(language) and missing provides (#837044)
-
- fix copy doesn't report failure on partial copy (#951413)

1 vip-ire 1.1
2     https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2688
3    
4     http://git.php.net/?p=php-src.git;a=commitdiff;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5
5    
6     --- php-5.3.3/main/streams/streams.c.cve2688 2012-10-16 13:41:35.000000000 +0200
7     +++ php-5.3.3/main/streams/streams.c 2012-10-16 13:49:11.548079279 +0200
8     @@ -2160,6 +2160,11 @@
9     if (vector_size == 0) {
10     vector_size = 10;
11     } else {
12     + if (vector_size*2 < vector_size) {
13     + /* overflow */
14     + efree(vector);
15     + return FAILURE;
16     + }
17     vector_size *= 2;
18     }
19     vector = (char **) erealloc(vector, vector_size * sizeof(char *));

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed