File php-CVE-2016-6288.patch of Package php5.3636
Index: php-5.6.1/ext/standard/url.c =================================================================== --- php-5.6.1.orig/ext/standard/url.c 2016-08-03 14:35:09.781465686 +0200 +++ php-5.6.1/ext/standard/url.c 2016-08-03 14:38:09.568392121 +0200 @@ -321,7 +321,7 @@ PHPAPI php_url *php_url_parse_ex(char co nohost: if ((p = memchr(s, '?', (ue - s)))) { - pp = strchr(s, '#'); + pp = memchr(s, '#', (ue - s)); if (pp && pp < p) { if (pp - s) {