[packages/php/PHP_5_6] up to 5.6.22; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093

glen glen at pld-linux.org
Sat Jun 18 00:00:59 CEST 2016 

commit 52ff7089f6b9bdc7db85216e720c1edb69e84475
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sat Jun 18 00:39:07 2016 +0300

    up to 5.6.22; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093
    
    Core:
    - Fixed bug #72172 (zend_hex_strtod should not use strlen).
    - Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
    - Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094)
    GD:
    - Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
    Intl:
    - Fixed bug #64524 (Add intl.use_exceptions to php.ini-*).
    - Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
    Postgres:
    - Fixed bug #72151 (mysqli_fetch_object changed behaviour). Patch to #71820 is reverted.

 php.spec | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/php.spec b/php.spec
index 5e1a13b..75fe266 100644
--- a/php.spec
+++ b/php.spec
@@ -150,7 +150,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine	with_filter
 %endif
 
-%define		rel	4
+%define		rel	1
 %define		orgname	php
 %define		ver_suffix 56
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -161,7 +161,7 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.6.21
+Version:	5.6.22
 Release:	%{rel}
 Epoch:		4
 # All files licensed under PHP version 3.01, except
@@ -170,7 +170,7 @@ Epoch:		4
 License:	PHP 3.01 and Zend and BSD
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	177c69d47024541739c439c9d9eb6ba5
+# Source0-md5:	19a5bcbddc105dfb29482ab779fcc795
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/52ff7089f6b9bdc7db85216e720c1edb69e84475

More information about the pld-cvs-commit mailing list