| 20 |
Summary: PHP scripting language for creating dynamic web sites |
Summary: PHP scripting language for creating dynamic web sites |
| 21 |
Name: php |
Name: php |
| 22 |
Version: 5.3.3 |
Version: 5.3.3 |
| 23 |
Release: 14%{?dist} |
Release: 15%{?dist} |
| 24 |
License: PHP and LGPLv2 and LGPLv2+ |
License: PHP and LGPLv2 and LGPLv2+ |
| 25 |
Group: Development/Languages |
Group: Development/Languages |
| 26 |
URL: http://www.php.net/ |
URL: http://www.php.net/ |
| 104 |
Patch233: php-5.3.3-CVE-2013-4113.patch |
Patch233: php-5.3.3-CVE-2013-4113.patch |
| 105 |
Patch234: php-5.3.3-CVE-2013-4248.patch |
Patch234: php-5.3.3-CVE-2013-4248.patch |
| 106 |
Patch235: php-5.3.3-CVE-2013-6420.patch |
Patch235: php-5.3.3-CVE-2013-6420.patch |
| 107 |
|
Patch236: php-5.3.3-CVE-2014-0237.patch |
| 108 |
|
Patch237: php-5.3.3-CVE-2014-0238.patch |
| 109 |
|
Patch238: php-5.3.3-CVE-2014-2270.patch |
| 110 |
|
Patch239: php-5.3.3-CVE-2014-1943.patch |
| 111 |
|
Patch240: php-5.3.3-CVE-2014-3479.patch |
| 112 |
|
Patch241: php-5.3.3-CVE-2012-1571.patch |
| 113 |
|
Patch242: php-5.3.3-CVE-2014-3480.patch |
| 114 |
|
Patch243: php-5.3.3-CVE-2014-4721.patch |
| 115 |
|
Patch244: php-5.3.3-CVE-2013-6712.patch |
| 116 |
|
Patch245: php-5.3.3-CVE-2014-4049.patch |
| 117 |
|
Patch246: php-5.3.3-CVE-2014-3515.patch |
| 118 |
|
|
| 119 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
| 120 |
|
|
| 474 |
%patch233 -p1 -b .cve4113 |
%patch233 -p1 -b .cve4113 |
| 475 |
%patch234 -p1 -b .cve4248 |
%patch234 -p1 -b .cve4248 |
| 476 |
%patch235 -p1 -b .cve6420 |
%patch235 -p1 -b .cve6420 |
| 477 |
|
%patch236 -p1 -b .cve0237 |
| 478 |
|
%patch237 -p1 -b .cve0238 |
| 479 |
|
%patch238 -p1 -b .cve2270 |
| 480 |
|
%patch239 -p1 -b .cve1943 |
| 481 |
|
%patch240 -p1 -b .cve3479 |
| 482 |
|
%patch241 -p1 -b .cve1571 |
| 483 |
|
%patch242 -p1 -b .cve3480 |
| 484 |
|
%patch243 -p1 -b .cve4721 |
| 485 |
|
%patch244 -p1 -b .cve6712 |
| 486 |
|
%patch245 -p1 -b .cve4049 |
| 487 |
|
%patch246 -p1 -b .cve3515 |
| 488 |
|
|
| 489 |
# Prevent %%doc confusion over LICENSE files |
# Prevent %%doc confusion over LICENSE files |
| 490 |
cp -p Zend/LICENSE Zend/ZEND_LICENSE |
cp -p Zend/LICENSE Zend/ZEND_LICENSE |
| 864 |
%files process -f files.process |
%files process -f files.process |
| 865 |
|
|
| 866 |
%changelog |
%changelog |
| 867 |
|
* Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme |
| 868 |
|
- Resync with upstream php53, which include (see [SME: 8515]) |
| 869 |
|
- core: type confusion issue in phpinfo(). CVE-2014-4721 |
| 870 |
|
- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 |
| 871 |
|
- core: fix heap-based buffer overflow in DNS TXT record parsing. |
| 872 |
|
CVE-2014-4049 |
| 873 |
|
- core: unserialize() SPL ArrayObject / SPLObjectStorage type |
| 874 |
|
confusion flaw. CVE-2014-3515 |
| 875 |
|
- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 |
| 876 |
|
- fileinfo: unrestricted recursion in handling of indirect type |
| 877 |
|
rules. CVE-2014-1943 |
| 878 |
|
- fileinfo: out of bounds read in CDF parser. CVE-2012-1571 |
| 879 |
|
- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 |
| 880 |
|
- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 |
| 881 |
|
- fileinfo: cdf_unpack_summary_info() excessive looping |
| 882 |
|
DoS. CVE-2014-0237 |
| 883 |
|
- fileinfo: CDF property info parsing nelements infinite |
| 884 |
|
loop. CVE-2014-0238 |
| 885 |
|
|
| 886 |
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme |
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme |
| 887 |
- Resync with upstream php53, which include (see [SME: 8064]) |
- Resync with upstream php53, which include (see [SME: 8064]) |
| 888 |
- add security fix for CVE-2013-6420 |
- add security fix for CVE-2013-6420 |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch
