/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2014-3670.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2014-3670.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Sat Nov 1 13:01:52 2014 UTC (10 years ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-17_el5_sme, HEAD 
* Sat Nov 1 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-17.sme
- Resync with upstream php53, which include (see [SME: 8633])
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
1 vip-ire 1.1 bug68113.phpt removed as binary patch not supported
2    
3    
4     From 287c91c1f060dc85a8bdb51488c50db8614448b7 Mon Sep 17 00:00:00 2001
5     From: Stanislav Malyshev <stas@php.net>
6     Date: Sun, 28 Sep 2014 16:57:42 -0700
7     Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail())
8    
9     ---
10     NEWS | 6 +++++-
11     ext/exif/exif.c | 4 ++--
12     ext/exif/tests/bug68113.jpg | Bin 0 -> 368 bytes
13     ext/exif/tests/bug68113.phpt | 17 +++++++++++++++++
14     4 files changed, 24 insertions(+), 3 deletions(-)
15     create mode 100755 ext/exif/tests/bug68113.jpg
16     create mode 100644 ext/exif/tests/bug68113.phpt
17    
18     diff --git a/ext/exif/exif.c b/ext/exif/exif.c
19     index 38907b4..637ebf9 100644
20     --- a/ext/exif/exif.c
21     +++ b/ext/exif/exif.c
22     @@ -2446,11 +2446,11 @@ static void* exif_ifd_make_value(image_info_data *info_data, int motorola_intel
23     data_ptr += 8;
24     break;
25     case TAG_FMT_SINGLE:
26     - memmove(data_ptr, &info_data->value.f, byte_count);
27     + memmove(data_ptr, &info_value->f, 4);
28     data_ptr += 4;
29     break;
30     case TAG_FMT_DOUBLE:
31     - memmove(data_ptr, &info_data->value.d, byte_count);
32     + memmove(data_ptr, &info_value->d, 8);
33     data_ptr += 8;
34     break;
35     }
36     --
37     2.1.0
38    
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed