File php56.changes of Package php56

-------------------------------------------------------------------
Thu Nov 24 10:48:02 UTC 2022 - Michal Kubecek <mkubecek@suse.cz>

- update to version 5.6.40

-------------------------------------------------------------------
Tue Apr 27 17:01:51 UTC 2021 - Michal Kubecek <mkubecek@suse.cz>

- use spdx tag for License

-------------------------------------------------------------------
Sun May 27 18:26:04 UTC 2018 - mkubecek@suse.cz

- update to version 5.6.36
  * potential infinite loop in gdImageCreateFromGifCtx
    (CVE-2018-5711)
  * reflected XSS in .phar 404 page (CVE-2018-5712)
  * stack-buffer-overflow while parsing HTTP response
    (CVE-2018-7584)
  * dumpable FPM child processes allow bypassing opcache access
    controls (CVE-2018-10545)
  * heap Buffer Overflow (READ: 1786) in exif_iif_add_value
    (CVE-2018-10549)
  * stream filter convert.iconv leads to infinite loop on invalid
    sequence (CVE-2018-10546)
  * malicious LDAP-Server response causes crash (CVE-2018-10548)
  * fix for CVE-2018-5712 may have not been complete
    (CVE-2018-10547)

-------------------------------------------------------------------
Sat Nov 11 17:19:56 UTC 2017 - mkubecek@suse.cz

- update to version 5.6.32
  * wddx: invalid read when wddx decodes empty boolean element
    (CVE-2016-9935)
  * openssl: invalid parameter in memcpy function through
    openssl_pbkdf2
  * exif: FPE when parsing a tag format (CVE-2016-10158)
  * gd: DOS vulnerability in gdImageCreateFromGd2Ctx()
    (CVE-2016-10167)
  * gd: signed Integer Overflow gd_io.c (CVE-2016-10168)
  * phar: crash while loading hostile phar archive (CVE-2016-10159)
  * phar: memory corruption when loading hostile phar
    (CVE-2016-10160)
  * standard: heap out of bounds read on unserialize in
    finish_nested_data() (CVE-2016-10161)
  * gd: buffer over-read into uninitialized memory (CVE-2017-7890)
  * mbstring: add oniguruma upstream fix (CVE-2017-9224,
    CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
  * pcre: fixed bug #75207 (applied upstream patch for
    CVE-2016-1283)

-------------------------------------------------------------------
Fri Nov 25 08:11:27 UTC 2016 - mkubecek@suse.cz

- update to version 5.6.28
  * intl: add locale length check (CVE-2016-7416)
  * mysqlnd: heap overflow in mysqlnd related to bit fields
    (CVE-2016-7412)
  * out of bound when verify signature of zip phar in
    phar_parse_zipfile (CVE-2016-7414)
  * spl: missing type check when unserializing SplArray
    (CVE-2016-7417)
  * standard: memory corruption during deserialized-object
    destruction (CVE-2016-7411)
  * wddx: wddx_deserialize use-after-free (CVE-2016-7413)
  * wddx: out-of-bounds read in php_wddx_push_element
    (CVE-2016-7418)

-------------------------------------------------------------------
Mon Sep  5 08:05:46 UTC 2016 - mkubecek@suse.cz

- update to version 5.6.25
  * core: stack-based buffer overflow vulnerability in
    virtual_file_ex (CVE-2016-6289)
  * core: use after free in unserialize() with unexpected session
    deserialization (CVE-2016-6290)
  * HTTP_PROXY is improperly trusted by some PHP libraries and
    applications (CVE-2016-5385)
  * bz2: inadequate error handling in bzread() (CVE-2016-5399)
  * exif: out of bound read in exif_process_IFD_in_MAKERNOTE
    (CVE-2016-6291)
  * exif: null pointer dereference in exif_process_user_comment
    (CVE-2016-6292)
  * gd: integer overflow error within _gdContributionsAlloc()
    (CVE-2016-6207)
  * intl: locale_accept_from_http out-of-bounds access
    (CVE-2016-6294)
  * odbc: PHP segfaults when accessing nvarchar(max) defined
    columns (CVE-2015-8879)
  * snmp: use after free vulnerability in SNMP with GC and
    unserialize() (CVE-2016-6295)
  * xmlrpc: heap-buffer-overflow (write) simplestring_addn
    simplestring.c (CVE-2016-6296)
  * zip: stack-based buffer overflow vulnerability in
    php_stream_zip_opener (CVE-2016-6297)

-------------------------------------------------------------------
Fri Jul  1 16:51:25 UTC 2016 - mkubecek@suse.cz

- fix fbclient build dependency
- specfile cleanup

-------------------------------------------------------------------
Fri Jul  1 14:00:09 UTC 2016 - mkubecek@suse.cz

- update to version 5.6.23
  * fpm: fpm_log.c memory leak and buffer overflow (CVE-2016-5114)
  * gd: memory Read via gdImageRotateInterpolated Array Index Out
    of Bounds (CVE-2016-1903)
  * wddx: use After Free Vulnerability in WDDX Packet
    Deserialization
  * wddx: session WDDX Packet Deserialization Type Confusion
    Vulnerability
  * xmlrpc: type Confusion Vulnerability in PHP_to_XMLRPC_worker()
  * pcre: upgrade bundled PCRE library to 8.38. (CVE-2015-8383,
    CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
    CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
  * phar: heap corruption in tar/zip/phar parser (CVE-2016-4342)
  * phar: uninitialized pointer in phar_make_dirstream()
    (CVE-2016-4343)
  * phar: NULL Pointer Dereference in phar_tar_setupmetadata()
  * phar: stack overflow when decompressing tar archives
    (CVE-2016-2554)
  * add support for HTTP 451 error code
  * fileinfo: buffer over-write in finfo_open with malformed magic
    file (CVE-2015-8865)
  * mbstring: addressSanitizer: negative-size-param (-1) in
    mbfl_strcut (CVE-2016-4073)
  * odbc: invalid memory write in phar on filename with \0 in
    name (CVE-2016-4072)
  * snmp: php_snmp_error() format string vulnerability
    (CVE-2016-4071)
  * standard: integer overflow in php_raw_url_encode
    (CVE-2016-4070)
  * bcmath: bcpowmod accepts negative scale and corrupts _one_
    definition (CVE-2016-4537, CVE-2016-4538)
  * exif: out of bounds heap read access in exif header
    processing (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
  * gd: libgd: signedness vulnerability (CVE-2016-3074)
  * intl: out-of-bounds reads in zif_grapheme_stripos with negative
    offset (CVE-2016-4540, CVE-2016-4541)
  * xml: xml_parse_into_struct segmentation fault (CVE-2016-4539)
  * core: integer underflow / arbitrary null write in fread/gzread
    (CVE-2016-5096)
  * core: integer Overflow in php_html_entities (CVE-2016-5094)
  * gd: imagescale out-of-bounds read (CVE-2013-7456)
  * intl: get_icu_value_internal out-of-bounds read (CVE-2016-5093)
  * stack overflow with imagefilltoborder (CVE-2015-8874)
  * integer Overflow in _gd2GetHeader() resulting in heap
    overflow (CVE-2016-5766)
  * integer overflow in gdImagePaletteToTrueColor() resulting in
    heap overflow (CVE-2016-5767)
  * mbstring: _php_mb_regex_ereg_replace_exec - double free
    (CVE-2016-5768)
  * mcrypt: heap Overflow due to integer overflows (CVE-2016-5769)
  * spl: int/size_t confusion in SplFileObject::fread
    (CVE-2016-5770)
  * spl: use after free vulnerability in PHP's GC algorithm and
    unserialize (CVE-2016-5771)
  * wddx: double free corruption in wddx_deserialize
    (CVE-2016-5772)
  * zip: ZipArchive class use after free vulnerability in PHP's GC
    algorithm and unserialize (CVE-2016-5773)
- avoid-gcc-warnings-in-mbstring-extensions.patch:
  update (drop part added to upstream)

-------------------------------------------------------------------
Sat Dec 26 22:04:25 UTC 2015 - mike@mk-sys.cz

- update to version 5.6.16
  * phar: null pointer dereference in phar_get_fp_offset()
    (CVE-2015-7803)
  * phar: uninitialized pointer in phar_make_dirstream when zip
    entry filename is "/" (CVE-2015-7804)
  * various segfaults

-------------------------------------------------------------------
Wed Sep 30 19:49:50 UTC 2015 - mike@mk-sys.cz

- update to version 5.6.13
  * apache2handler: potential remote code execution with apache 2.4
    apache2handler (CVE-2015-3330)
  * opcache: use after free (CVE-2015-1351)
  * phar: buffer over-read in unserialize when parsing phar
    (CVE-2015-2783)
  * phar: buffer overflow when parsing tar/zip/phar in
    phar_set_inode (CVE-2015-3329)
  * postgres: null pointer dereference (CVE-2015-1352)
  * core: PHP Multipart/form-data remote dos Vulnerability
    (CVE-2015-4024)
  * core: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)
  * ftp: integer overflow in ftp_genlist() resulting in heap
    overflow (CVE-2015-4022)
  * pcntl: pcntl_exec() should not allow null char (CVE-2015-4026)
  * pcre: upgrade pcrelib to 8.37 (CVE-2015-2325 CVE-2015-2326)
  * phar: memory corruption in phar_parse_tarfile when entry
    filename starts with null (CVE-2015-4021)
  * core: OS command injection vulnerability in escapeshellarg
    (CVE-2015-4642)
  * ftp: integer overflow in ftp_genlist() resulting in heap
    overflow (CVE-2015-4643)
  * postgres: segfault in php_pgsql_meta_data (CVE-2015-4644)
  * sqlite3: upgrade bundled sqlite to 3.8.10.2 (CVE-2015-3414
    CVE-2015-3415 CVE-2015-3416)
  * mysqlnd: mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)
  * phar: segfault in Phar::convertToData on invalid file
    (CVE-2015-5589)
  * phar: buffer overflow and stack smashing error in
    phar_fix_filepath (CVE-2015-5590)
  * phar: files extracted from archive may be placed outside of
    destination directory (CVE-2015-6833)
  * spl: dangling pointer in the unserialization of ArrayObject
    items (CVE-2015-6832)
  * spl: use after free vulnerability in unserialize() with
    SPLArrayObject (CVE-2015-6831)
  * spl: use after free vulnerability in unserialize() with
    SplObjectStorage (CVE-2015-6831)
  * spl: use after free vulnerability in unserialize() with
    SplDoublyLinkedList (CVE-2015-6831)
  * core: use after free vulnerability in unserialize()
    (CVE-2015-6834)
  * core: use after free vulnerability in session deserializer
    (CVE-2015-6835)
  * soap: SOAP serialize_function_call() type confusion / RCE
    (CVE-2015-6836)
  * spl: use-after-free vulnerability in unserialize() with
    SplObjectStorage (CVE-2015-6834)
  * spl: use-after-free vulnerability in unserialize() with
    SplDoublyLinkedList (CVE-2015-6834)
  * xslt: null pointer dereference (CVE-2015-6837 CVE-2015-6838)

-------------------------------------------------------------------
Sun Mar 22 17:26:01 UTC 2015 - mike@mk-sys.cz

- initial checkin of PHP 5.6.7
