Log of /rpms/php/sme8/php.spec
Parent Directory
| Revision Log
| Revision Graph
Revision
1.17 -
(
view)
(
download)
(
annotate)
-
[select for diffs]
Sat Nov 1 13:01:52 2014 UTC
(10 years ago)
by
vip-ire
Branch:
MAIN
CVS Tags:
HEAD,
php-5_3_3-17_el5_sme
Changes since
1.16: +16 -1 lines
Diff to
previous 1.16
* Sat Nov 1 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-17.sme
- Resync with upstream php53, which include (see [SME: 8633])
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
Revision
1.16 -
(
view)
(
download)
(
annotate)
-
[select for diffs]
Sat Oct 18 10:16:16 2014 UTC
(10 years, 1 month ago)
by
vip-ire
Branch:
MAIN
CVS Tags:
php-5_3_3-16_el5_sme
Changes since
1.15: +23 -1 lines
Diff to
previous 1.15
* Sat Oct 18 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-16.sme
- Resync with upstream php53, which include (see [SME: 8574])
- spl: fix use-after-free in ArrayIterator due to object
change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- gd: fix NULL pointer dereference in gdImageCreateFromXpm.
CVE-2014-2497
- fileinfo: fix incomplete fix for CVE-2012-1571 in
cdf_read_property_info. CVE-2014-3587
- core: fix incomplete fix for CVE-2014-4049 DNS TXT
record parsing. CVE-2014-3597
Revision
1.15 -
(
view)
(
download)
(
annotate)
-
[select for diffs]
Thu Aug 7 07:05:52 2014 UTC
(10 years, 3 months ago)
by
vip-ire
Branch:
MAIN
CVS Tags:
php-5_3_3-15_el5_sme
Changes since
1.14: +42 -1 lines
Diff to
previous 1.14
* Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme
- Resync with upstream php53, which include (see [SME: 8515])
- core: type confusion issue in phpinfo(). CVE-2014-4721
- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
- core: fix heap-based buffer overflow in DNS TXT record parsing.
CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage type
confusion flaw. CVE-2014-3515
- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
- fileinfo: unrestricted recursion in handling of indirect type
rules. CVE-2014-1943
- fileinfo: out of bounds read in CDF parser. CVE-2012-1571
- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
- fileinfo: cdf_unpack_summary_info() excessive looping
DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
loop. CVE-2014-0238
Revision
1.12 -
(
view)
(
download)
(
annotate)
-
[select for diffs]
Mon Dec 16 10:46:47 2013 UTC
(10 years, 11 months ago)
by
vip-ire
Branch:
MAIN
Changes since
1.11: +135 -63 lines
Diff to
previous 1.11
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme
- Resync with upstream php53, which include:
- add security fix for CVE-2013-6420
- add security fix for CVE-2013-4248
- add upstream reproducer for error_handler (#951075)
- add security fixes for CVE-2006-7243
- add security fixes for CVE-2012-2688, CVE-2012-0831,
CVE-2011-1398, CVE-2013-1643
- fix segfault in error_handler with
allow_call_time_pass_reference = Off (#951075)
- fix double free when destroy_zend_class fails (#951076)
- fix possible buffer overflow in pdo_odbc (#869694)
- php script hangs when it exceeds max_execution_time
when inside an ODBC call (#864954)
- fix zend garbage collector (#892695)
- fix transposed memset arguments in libzip (#953818)
- fix possible segfault in pdo_mysql (#869693)
- fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859369)
- fix stream support in fileinfo (#869697)
- fix setDate when DateTime created from timestamp (#869691)
- fix permission on source files (#869688)
- add php(language) and missing provides (#837044)
-
- fix copy doesn't report failure on partial copy (#951413)
This form allows you to request diffs between any two revisions of this file.
For each of the two "sides" of the diff,
select a symbolic revision name using the selection box, or choose
'Use Text Field' and enter a numeric revision.