Revision
1.1 -
(
view)
(
download)
(
annotate)
-
[selected]
Thu Aug 7 07:05:52 2014 UTC
(10 years, 4 months ago)
by
vip-ire
Branch:
MAIN
CVS Tags:
HEAD,
php-5_3_3-15_el5_sme,
php-5_3_3-16_el5_sme,
php-5_3_3-17_el5_sme
* Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme
- Resync with upstream php53, which include (see [SME: 8515])
- core: type confusion issue in phpinfo(). CVE-2014-4721
- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
- core: fix heap-based buffer overflow in DNS TXT record parsing.
CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage type
confusion flaw. CVE-2014-3515
- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
- fileinfo: unrestricted recursion in handling of indirect type
rules. CVE-2014-1943
- fileinfo: out of bounds read in CDF parser. CVE-2012-1571
- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
- fileinfo: cdf_unpack_summary_info() excessive looping
DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
loop. CVE-2014-0238