--- rpms/php/sme8/php.spec 2013/12/16 10:46:47 1.12
+++ rpms/php/sme8/php.spec 2014/08/07 07:05:52 1.15
@@ -20,7 +20,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.3.3
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: PHP and LGPLv2 and LGPLv2+
 Group: Development/Languages
 URL: http://www.php.net/
@@ -104,6 +104,17 @@ Patch232: php-5.3.3-CVE-2006-7243.patch
 Patch233: php-5.3.3-CVE-2013-4113.patch
 Patch234: php-5.3.3-CVE-2013-4248.patch
 Patch235: php-5.3.3-CVE-2013-6420.patch
+Patch236: php-5.3.3-CVE-2014-0237.patch
+Patch237: php-5.3.3-CVE-2014-0238.patch
+Patch238: php-5.3.3-CVE-2014-2270.patch
+Patch239: php-5.3.3-CVE-2014-1943.patch
+Patch240: php-5.3.3-CVE-2014-3479.patch
+Patch241: php-5.3.3-CVE-2012-1571.patch
+Patch242: php-5.3.3-CVE-2014-3480.patch
+Patch243: php-5.3.3-CVE-2014-4721.patch
+Patch244: php-5.3.3-CVE-2013-6712.patch
+Patch245: php-5.3.3-CVE-2014-4049.patch
+Patch246: php-5.3.3-CVE-2014-3515.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -463,6 +474,17 @@ support for using the ICU library to PHP
 %patch233 -p1 -b .cve4113
 %patch234 -p1 -b .cve4248
 %patch235 -p1 -b .cve6420
+%patch236 -p1 -b .cve0237
+%patch237 -p1 -b .cve0238
+%patch238 -p1 -b .cve2270
+%patch239 -p1 -b .cve1943
+%patch240 -p1 -b .cve3479
+%patch241 -p1 -b .cve1571
+%patch242 -p1 -b .cve3480
+%patch243 -p1 -b .cve4721
+%patch244 -p1 -b .cve6712
+%patch245 -p1 -b .cve4049
+%patch246 -p1 -b .cve3515
 # Prevent %%doc confusion over LICENSE files
 cp -p Zend/LICENSE Zend/ZEND_LICENSE
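Review bot: The eleven new `PatchNNN:` tags have no comment saying where they came from or which component each one touches, so an auditor has to reconstruct that from the %changelog. Patch241 (CVE-2012-1571) sits between the 2014 fileinfo fixes Patch240 and Patch242, which suggests the numbering mirrors upstream php53 and that the CDF patches build on one another. If that is the case, state it above the group, e.g. `# Security backports resynced from upstream php53 (SME: 8515); fileinfo patches 236-242 are order-dependent`. The Patch list starts and ends outside this hunk.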
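Review bot: The `-b` backup suffixes on the new `%patch` lines keep only the sequence number of the CVE id (`.cve1571` for CVE-2012-1571, `.cve6712` for CVE-2013-6712), so two CVEs from different years with the same number would share a suffix. If both patches touched the same file, the later backup would likely replace the earlier one. This follows the existing convention and affects only the saved originals, not the built code, but including the year removes the ambiguity, e.g. `%patch241 -p1 -b .cve2012-1571`. It is also worth confirming in the build log that all eleven patches apply without fuzz or offset, since a security fix that lands with fuzz may not guard the intended code path. The %prep section continues outside the hunk.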
@@ -842,8 +864,27 @@ rm files.* macros.php
 %files process -f files.process
 %changelog
+* Thu Aug 7 2014 Daniel Berteaud - 5.3.3-15.sme
+- Resync with upstream php53, which include (see [SME: 8515])
+- core: type confusion issue in phpinfo(). CVE-2014-4721
+- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
+- core: fix heap-based buffer overflow in DNS TXT record parsing.
+ CVE-2014-4049
+- core: unserialize() SPL ArrayObject / SPLObjectStorage type
+ confusion flaw. CVE-2014-3515
+- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
+- fileinfo: unrestricted recursion in handling of indirect type
+ rules. CVE-2014-1943
+- fileinfo: out of bounds read in CDF parser. CVE-2012-1571
+- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
+- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
+- fileinfo: cdf_unpack_summary_info() excessive looping
+ DoS. CVE-2014-0237
+- fileinfo: CDF property info parsing nelements infinite
+ loop. CVE-2014-0238
+
 * Mon Dec 16 2013 Daniel Berteaud - 5.3.3-14.sme
-- Resync with upstream php53, which include:
+- Resync with upstream php53, which include (see [SME: 8064])
 - add security fix for CVE-2013-6420
 - add security fix for CVE-2013-4248
 - add upstream reproducer for error_handler (#951075)
@@ -864,7 +905,6 @@ rm files.* macros.php
 - fix setDate when DateTime created from timestamp (#869691)
 - fix permission on source files (#869688)
 - add php(language) and missing provides (#837044)
--
 - fix copy doesn't report failure on partial copy (#951413)
 * Mon Jul 15 2013 Shad L. Lords - 5.3.3-13.sme.2