/[smeserver]/rpms/php/sme8/php.spec

Diff of /rpms/php/sme8/php.spec

Parent Directory | Revision Log | View Revision Graph Revision Graph | View Patch Patch

-Revision 1.13 by vip-ire,
Mon Dec 16 10:47:16 2013 UTC
+Revision 1.17 by vip-ire,
Sat Nov  1 13:01:52 2014 UTC
 Line 20
  Summary: PHP scripting language for creating dynamic web sites
  Name: php
  Version: 5.3.3
- Release: 14%{?dist}
+ Release: 17%{?dist}
  License: PHP and LGPLv2 and LGPLv2+
  Group: Development/Languages
  URL: http://www.php.net/
 Line 104 
 Patch232: php-5.3.3-CVE-2006-7243.patch
  Patch233: php-5.3.3-CVE-2013-4113.patch
  Patch234: php-5.3.3-CVE-2013-4248.patch
  Patch235: php-5.3.3-CVE-2013-6420.patch
+ Patch236: php-5.3.3-CVE-2014-0237.patch
+ Patch237: php-5.3.3-CVE-2014-0238.patch
+ Patch238: php-5.3.3-CVE-2014-2270.patch
+ Patch239: php-5.3.3-CVE-2014-1943.patch
+ Patch240: php-5.3.3-CVE-2014-3479.patch
+ Patch241: php-5.3.3-CVE-2012-1571.patch
+ Patch242: php-5.3.3-CVE-2014-3480.patch
+ Patch243: php-5.3.3-CVE-2014-4721.patch
+ Patch244: php-5.3.3-CVE-2013-6712.patch
+ Patch245: php-5.3.3-CVE-2014-4049.patch
+ Patch246: php-5.3.3-CVE-2014-3515.patch
+ Patch247: php-5.3.3-CVE-2014-2497.patch
+ Patch248: php-5.3.3-CVE-2014-3587.patch
+ Patch249: php-5.3.3-CVE-2014-3597.patch
+ Patch250: php-5.3.3-CVE-2014-4698.patch
+ Patch251: php-5.3.3-CVE-2014-4670.patch
+ Patch252: php-5.3.3-CVE-2014-3668.patch
+ Patch253: php-5.3.3-CVE-2014-3669.patch
+ Patch254: php-5.3.3-CVE-2014-3670.patch
+ Patch255: php-5.3.3-CVE-2014-3710.patch
  BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Line 463 
 support for using the ICU library to PHP
+Line 483 
 support for using the ICU library to PHP
  %patch233 -p1 -b .cve4113
  %patch234 -p1 -b .cve4248
  %patch235 -p1 -b .cve6420
+ %patch236 -p1 -b .cve0237
+ %patch237 -p1 -b .cve0238
+ %patch238 -p1 -b .cve2270
+ %patch239 -p1 -b .cve1943
+ %patch240 -p1 -b .cve3479
+ %patch241 -p1 -b .cve1571
+ %patch242 -p1 -b .cve3480
+ %patch243 -p1 -b .cve4721
+ %patch244 -p1 -b .cve6712
+ %patch245 -p1 -b .cve4049
+ %patch246 -p1 -b .cve3515
+ %patch247 -p1 -b .cve2497
+ %patch248 -p1 -b .cve3587
+ %patch249 -p1 -b .cve3597
+ %patch250 -p1 -b .cve4698
+ %patch251 -p1 -b .cve4670
+ %patch252 -p1 -b .cve3668
+ %patch253 -p1 -b .cve3669
+ %patch254 -p1 -b .cve3670
+ %patch255 -p1 -b .cve3710
  # Prevent %%doc confusion over LICENSE files
  cp -p Zend/LICENSE Zend/ZEND_LICENSE
-Line 842 
 rm files.* macros.php
+Line 882 
 rm files.* macros.php
  %files process -f files.process
  %changelog
+ * Sat Nov 1 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-17.sme
+ - Resync with upstream php53, which include (see [SME: 8633])
+ - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
+ - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
+ - core: fix integer overflow in unserialize() CVE-2014-3669
+ - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
+ * Sat Oct 18 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-16.sme
+ - Resync with upstream php53, which include (see [SME: 8574])
+ - spl: fix use-after-free in ArrayIterator due to object
+   change during sorting. CVE-2014-4698
+ - spl: fix use-after-free in SPL Iterators. CVE-2014-4670
+ - gd: fix NULL pointer dereference in gdImageCreateFromXpm.
+   CVE-2014-2497
+ - fileinfo: fix incomplete fix for CVE-2012-1571 in
+   cdf_read_property_info. CVE-2014-3587
+ - core: fix incomplete fix for CVE-2014-4049 DNS TXT
+   record parsing. CVE-2014-3597
+ * Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme
+ - Resync with upstream php53, which include (see [SME: 8515])
+ - core: type confusion issue in phpinfo(). CVE-2014-4721
+ - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
+ - core: fix heap-based buffer overflow in DNS TXT record parsing.
+   CVE-2014-4049
+ - core: unserialize() SPL ArrayObject / SPLObjectStorage type
+   confusion flaw. CVE-2014-3515
+ - fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
+ - fileinfo: unrestricted recursion in handling of indirect type
+   rules. CVE-2014-1943
+ - fileinfo: out of bounds read in CDF parser. CVE-2012-1571
+ - fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
+ - fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
+ - fileinfo: cdf_unpack_summary_info() excessive looping
+   DoS. CVE-2014-0237
+ - fileinfo: CDF property info parsing nelements infinite
+   loop. CVE-2014-0238
  * Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme
- - Resync with upstream php53, which include:
+ - Resync with upstream php53, which include (see [SME: 8064])
  - add security fix for CVE-2013-6420
  - add security fix for CVE-2013-4248
  - add upstream reproducer for error_handler (#951075)

 Legend:



Removed lines/characters
 


Changed lines/characters


 
Added lines/characters
 Legend:



Removed lines/characters
 


Changed lines/characters


 
Added lines/characters
-Removed lines/characters
+Added lines/characters

admin@koozali.org	ViewVC Help
Powered by ViewVC 1.2.1