Changelog for
php56-devel-5.6.28-1.12.i586.rpm :
Fri Nov 25 13:00:00 2016 mkubecekAATTsuse.cz
- update to version 5.6.28
* intl: add locale length check (CVE-2016-7416)
* mysqlnd: eap overflow in mysqlnd related to bit fields
(CVE-2016-7412)
* out of bound when verify signature of zip phar in
phar_parse_zipfile (CVE-2016-7414)
* spl: missing type check when unserializing SplArray
(CVE-2016-7417)
* standard: memory corruption in during deserialized-object
destruction (CVE-2016-7411)
* wddx: wddx_deserialize use-after-free (CVE-2016-7413)
* wddx: out-of-bounds read in php_wddx_push_element
(CVE-2016-7418)
Mon Sep 5 14:00:00 2016 mkubecekAATTsuse.cz
- update to version 5.6.25
* core: stack-based buffer overflow vulnerability in
virtual_file_ex (CVE-2016-6289)
* core: use after free in unserialize() with unexpected session
deserialization (CVE-2016-6290)
* HTTP_PROXY is improperly trusted by some PHP libraries and
applications (CVE-2016-5385)
* bz2: inadequate error handling in bzread() (CVE-2016-5399)
* exif: out of bound read in exif_process_IFD_in_MAKERNOTE
(CVE-2016-6291)
* exif: null pointer dereference in exif_process_user_comment
(CVE-2016-6292)
* gd: integer overflow error within _gdContributionsAlloc()
(CVE-2016-6207)
* intl: locale_accept_from_http out-of-bounds access
(CVE-2016-6294)
* odbc: PHP segfaults when accessing nvarchar(max) defined
columns (CVE-2015-8879)
* snmp: use after free vulnerability in SNMP with GC and
unserialize() (CVE-2016-6295)
* xmlrpc: heap-buffer-overflow (write) simplestring_addn
simplestring.c (CVE-2016-6296)
* zip: stack-based buffer overflow vulnerability in
php_stream_zip_opener). (CVE-2016-6297)
Fri Jul 1 14:00:00 2016 mkubecekAATTsuse.cz
- fix fbclient build dependency
- specfile cleanup
Fri Jul 1 14:00:00 2016 mkubecekAATTsuse.cz
- update to version 5.6.23
* fpm: fpm_log.c memory leak and buffer overflow (CVE-2016-5114)
* gd: memory Read via gdImageRotateInterpolated Array Index Out
of Bounds (CVE-2016-1903)
* wddx: use After Free Vulnerability in WDDX Packet
Deserialization
* wddx: session WDDX Packet Deserialization Type Confusion
Vulnerability
* xmlrpc: type Confusion Vulnerability in PHP_to_XMLRPC_worker()
* pcre: upgrade bundled PCRE library to 8.38. (CVE-2015-8383,
CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
* phar: heap corruption in tar/zip/phar parser (CVE-2016-4342)
* phar: uninitialized pointer in phar_make_dirstream()).
(CVE-2016-4343)
* phar: NULL Pointer Dereference in phar_tar_setupmetadata()
* phar: stack overflow when decompressing tar archives
(CVE-2016-2554)
* add support for HTTP 451 error code
* fileinfo: buffer over-write in finfo_open with malformed magic
file (CVE-2015-8865)
* mbstring: addressSanitizer: negative-size-param (-1) in
mbfl_strcut (CVE-2016-4073)
* odbc: invalid memory write in phar on filename with \\0 in
name (CVE-2016-4072)
* snmp: php_snmp_error() format string vulnerability
(CVE-2016-4071)
* standard: integer overflow in php_raw_url_encode
(CVE-2016-4070)
* bcmath: bcpowmod accepts negative scale and corrupts _one_
definition (CVE-2016-4537, CVE-2016-4538)
* exif: out of bounds heap read access in exif header
processing (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
* gd: libgd: signedness vulnerability (CVE-2016-3074)
* intl: out-of-bounds reads in zif_grapheme_stripos with negative
offset (CVE-2016-4540, CVE-2016-4541)
* xml: xml_parse_into_struct segmentation fault (CVE-2016-4539)
* core: integer underflow / arbitrary null write in fread/gzread
(CVE-2016-5096)
* core: integer Overflow in php_html_entities (CVE-2016-5094)
* gd: imagescale out-of-bounds read (CVE-2013-7456)
* intl: get_icu_value_internal out-of-bounds read (CVE-2016-5093)
* stack overflow with imagefilltoborder (CVE-2015-8874)
* integer Overflow in _gd2GetHeader() resulting in heap
overflow (CVE-2016-5766)
* integer overflow in gdImagePaletteToTrueColor() resulting in
heap overflow (CVE-2016-5767)
* mbstring: _php_mb_regex_ereg_replace_exec - double free
(CVE-2016-5768)
* mcrypt: heap Overflow due to integer overflows (CVE-2016-5769)
* spl: int/size_t confusion in SplFileObject::fread
(CVE-2016-5770)
* spl: use after free vulnerability in PHP\'s GC algorithm and
unserialize (CVE-2016-5771)
* wddx: double free courruption in wddx_deserialize
(CVE-2016-5772)
* zip: ZipArchive class use after free vulnerability in PHP\'s GC
algorithm and unserialize (CVE-2016-5773)
- avoid-gcc-warnings-in-mbstring-extensions.patch:
update (drop part added to upstream)
Sat Dec 26 13:00:00 2015 mikeAATTmk-sys.cz
- update to version 5.6.16
* phar: null pointer dereference in phar_get_fp_offset()
(CVE-2015-7803)
* phar: uninitialized pointer in phar_make_dirstream when zip
entry filename is \"/\" (CVE-2015-7804)
* various segfaults
Wed Sep 30 14:00:00 2015 mikeAATTmk-sys.cz
- update to version 5.6.13
* apache2handler: potential remote code execution with apache 2.4
apache2handler (CVE-2015-3330)
* opcache: user after free (CVE-2015-1351)
* phar: buffer over-read in unserialize when parsing phar
(CVE-2015-2783)
* phar: buffer overflow when parsing tar/zip/phar in
phar_set_inode (CVE-2015-3329)
* postgres: null pointer dereference (CVE-2015-1352)
* core: PHP Multipart/form-data remote dos Vulnerability
(CVE-2015-4024)
* core: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)
* ftp: integer overflow in ftp_genlist() resulting in heap
overflow (CVE-2015-4022)
* pcntl: pcntl_exec() should not allow null char (CVE-2015-4026)
* pcre: upgrade pcrelib to 8.37 (CVE-2015-2325 CVE-2015-2326)
* phar: memory corruption in phar_parse_tarfile when entry
filename starts with null (CVE-2015-4021)
* core: OS command injection vulnerability in escapeshellarg
(CVE-2015-4642)
* ftp: integer overflow in ftp_genlist() resulting in heap
overflow (CVE-2015-4643)
* postgres: segfault in php_pgsql_meta_data (CVE-2015-4644)
* sqlite3: upgrade bundled sqlite to 3.8.10.2 (CVE-2015-3414
CVE-2015-3415 CVE-2015-3416)
* mysqlnd: mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)
* phar: segfault in Phar::convertToData on invalid file
(CVE-2015-5589)
* phar: buffer overflow and stack smashing error in
phar_fix_filepath (CVE-2015-5590)
* phar: files extracted from archive may be placed outside of
destination directory (CVE-2015-6833)
* spl: dangling pointer in the unserialization of ArrayObject
items (CVE-2015-6832)
* spl: use after free vulnerability in unserialize() with
SPLArrayObject (CVE-2015-6831)
* spl: use after free vulnerability in unserialize() with
SplObjectStorage (CVE-2015-6831)
* spl: use after free vulnerability in unserialize() with
SplDoublyLinkedList (CVE-2015-6831)
* core: use after free vulnerability in unserialize()).
(CVE-2015-6834)
* core: use after free vulnerability in session deserializer
(CVE-2015-6835)
* soap: SOAP serialize_function_call() type confusion / RCE
(CVE-2015-6836)
* spl: use-after-free vulnerability in unserialize() with
SplObjectStorage (CVE-2015-6834)
* spl: use-after-free vulnerability in unserialize() with
SplDoublyLinkedList (CVE-2015-6834)
* xslt: null pointer dereference (CVE-2015-6837 CVE-2015-6838)
Sun Mar 22 13:00:00 2015 mikeAATTmk-sys.cz
- initial checkin of PHP 5.6.7