[packages/php/PHP_5_5] up to 5.5.36; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093, CVE-2016-4343

glen glen at pld-linux.org
Fri Jun 17 23:38:26 CEST 2016 

commit 0142dd066549d54d3d9f7d4b26685d55ad1649b0
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sat Jun 18 00:27:32 2016 +0300

    up to 5.5.36; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093, CVE-2016-4343
    
    - Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
    - Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094)
    - Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
    - Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
    - Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)

 php.spec | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/php.spec b/php.spec
index 736d7bd..0ba9feb 100644
--- a/php.spec
+++ b/php.spec
@@ -126,7 +126,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine	with_filter
 %endif
 
-%define		rel	4
+%define		rel	1
 %define		orgname	php
 %define		ver_suffix 55
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -137,7 +137,7 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.5.35
+Version:	5.5.36
 Release:	%{rel}%{?with_type_hints:.th}
 Epoch:		4
 # All files licensed under PHP version 3.01, except
@@ -146,7 +146,7 @@ Epoch:		4
 License:	PHP 3.01 and Zend and BSD
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	5b4af75b14f7e7d4941cafa1c6d26a33
+# Source0-md5:	1db93aa3a3cfd7cfe0f41f3697db35a4
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/0142dd066549d54d3d9f7d4b26685d55ad1649b0

More information about the pld-cvs-commit mailing list