File php56.changes of Package php56
-------------------------------------------------------------------
Thu Nov 24 10:48:02 UTC 2022 - Michal Kubecek <mkubecek@suse.cz>

- update to version 5.6.40

-------------------------------------------------------------------
Tue Apr 27 17:01:51 UTC 2021 - Michal Kubecek <mkubecek@suse.cz>

- use spdx tag for License

-------------------------------------------------------------------
Sun May 27 18:26:04 UTC 2018 - mkubecek@suse.cz

- update to version 5.6.36
  * potential infinite loop in gdImageCreateFromGifCtx (CVE-2018-5711)
  * reflected XSS in .phar 404 page (CVE-2018-5712)
  * stack-buffer-overflow while parsing HTTP response (CVE-2018-7584)
  * dumpable FPM child processes allow bypassing opcache access
    controls (CVE-2018-10545)
  * heap Buffer Overflow (READ: 1786) in exif_iif_add_value
    (CVE-2018-10549)
  * stream filter convert.iconv leads to infinite loop on invalid
    sequence (CVE-2018-10546)
  * malicious LDAP-Server response causes crash (CVE-2018-10548)
  * fix for CVE-2018-5712 may have not been complete (CVE-2018-10547)

-------------------------------------------------------------------
Sat Nov 11 17:19:56 UTC 2017 - mkubecek@suse.cz

- update to version 5.6.32
  * wddx: invalid read when wddx decodes empty boolean element
    (CVE-2016-9935)
  * openssl: invalid parameter in memcpy function through
    openssl_pbkdf2
  * exif: FPE when parsing a tag format (CVE-2016-10158)
  * gd: DOS vulnerability in gdImageCreateFromGd2Ctx()
    (CVE-2016-10167)
  * gd: signed Integer Overflow gd_io.c (CVE-2016-10168)
  * phar: crash while loading hostile phar archive (CVE-2016-10159)
  * phar: memory corruption when loading hostile phar
    (CVE-2016-10160)
  * standard: heap out of bounds read on unserialize in
    finish_nested_data() (CVE-2016-10161)
  * gd: buffer over-read into uninitialized memory (CVE-2017-7890)
  * mbstring: add oniguruma upstream fix (CVE-2017-9224,
    CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
  * pcre: fixed bug #75207 (applied upstream patch for CVE-2016-1283)

-------------------------------------------------------------------
Fri Nov 25 08:11:27 UTC 2016 - mkubecek@suse.cz

- update to version 5.6.28
  * intl: add locale length check (CVE-2016-7416)
  * mysqlnd: heap overflow in mysqlnd related to bit fields
    (CVE-2016-7412)
  * out of bound when verify signature of zip phar in
    phar_parse_zipfile (CVE-2016-7414)
  * spl: missing type check when unserializing SplArray
    (CVE-2016-7417)
  * standard: memory corruption in during deserialized-object
    destruction (CVE-2016-7411)
  * wddx: wddx_deserialize use-after-free (CVE-2016-7413)
  * wddx: out-of-bounds read in php_wddx_push_element (CVE-2016-7418)

-------------------------------------------------------------------
Mon Sep 5 08:05:46 UTC 2016 - mkubecek@suse.cz

- update to version 5.6.25
  * core: stack-based buffer overflow vulnerability in
    virtual_file_ex (CVE-2016-6289)
  * core: use after free in unserialize() with unexpected session
    deserialization (CVE-2016-6290)
  * HTTP_PROXY is improperly trusted by some PHP libraries and
    applications (CVE-2016-5385)
  * bz2: inadequate error handling in bzread() (CVE-2016-5399)
  * exif: out of bound read in exif_process_IFD_in_MAKERNOTE
    (CVE-2016-6291)
  * exif: null pointer dereference in exif_process_user_comment
    (CVE-2016-6292)
  * gd: integer overflow error within _gdContributionsAlloc()
    (CVE-2016-6207)
  * intl: locale_accept_from_http out-of-bounds access
    (CVE-2016-6294)
  * odbc: PHP segfaults when accessing nvarchar(max) defined columns
    (CVE-2015-8879)
  * snmp: use after free vulnerability in SNMP with GC and
    unserialize() (CVE-2016-6295)
  * xmlrpc: heap-buffer-overflow (write) simplestring_addn
    simplestring.c (CVE-2016-6296)
  * zip: stack-based buffer overflow vulnerability in
    php_stream_zip_opener (CVE-2016-6297)

-------------------------------------------------------------------
Fri Jul 1 16:51:25 UTC 2016 - mkubecek@suse.cz

- fix fbclient build dependency
- specfile cleanup

-------------------------------------------------------------------
Fri Jul 1 14:00:09 UTC 2016 - mkubecek@suse.cz

- update to version 5.6.23
  * fpm: fpm_log.c memory leak and buffer overflow (CVE-2016-5114)
  * gd: memory Read via gdImageRotateInterpolated Array Index Out of
    Bounds (CVE-2016-1903)
  * wddx: use After Free Vulnerability in WDDX Packet Deserialization
  * wddx: session WDDX Packet Deserialization Type Confusion
    Vulnerability
  * xmlrpc: type Confusion Vulnerability in PHP_to_XMLRPC_worker()
  * pcre: upgrade bundled PCRE library to 8.38 (CVE-2015-8383,
    CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
    CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
  * phar: heap corruption in tar/zip/phar parser (CVE-2016-4342)
  * phar: uninitialized pointer in phar_make_dirstream()
    (CVE-2016-4343)
  * phar: NULL Pointer Dereference in phar_tar_setupmetadata()
  * phar: stack overflow when decompressing tar archives
    (CVE-2016-2554)
  * add support for HTTP 451 error code
  * fileinfo: buffer over-write in finfo_open with malformed magic
    file (CVE-2015-8865)
  * mbstring: addressSanitizer: negative-size-param (-1) in
    mbfl_strcut (CVE-2016-4073)
  * odbc: invalid memory write in phar on filename with \0 in name
    (CVE-2016-4072)
  * snmp: php_snmp_error() format string vulnerability
    (CVE-2016-4071)
  * standard: integer overflow in php_raw_url_encode (CVE-2016-4070)
  * bcmath: bcpowmod accepts negative scale and corrupts _one_
    definition (CVE-2016-4537, CVE-2016-4538)
  * exif: out of bounds heap read access in exif header processing
    (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
  * gd: libgd: signedness vulnerability (CVE-2016-3074)
  * intl: out-of-bounds reads in zif_grapheme_stripos with negative
    offset (CVE-2016-4540, CVE-2016-4541)
  * xml: xml_parse_into_struct segmentation fault (CVE-2016-4539)
  * core: integer underflow / arbitrary null write in fread/gzread
    (CVE-2016-5096)
  * core: integer Overflow in php_html_entities (CVE-2016-5094)
  * gd: imagescale out-of-bounds read (CVE-2013-7456)
  * intl: get_icu_value_internal out-of-bounds read (CVE-2016-5093)
  * stack overflow with imagefilltoborder (CVE-2015-8874)
  * integer Overflow in _gd2GetHeader() resulting in heap overflow
    (CVE-2016-5766)
  * integer overflow in gdImagePaletteToTrueColor() resulting in heap
    overflow (CVE-2016-5767)
  * mbstring: _php_mb_regex_ereg_replace_exec - double free
    (CVE-2016-5768)
  * mcrypt: heap Overflow due to integer overflows (CVE-2016-5769)
  * spl: int/size_t confusion in SplFileObject::fread (CVE-2016-5770)
  * spl: use after free vulnerability in PHP's GC algorithm and
    unserialize (CVE-2016-5771)
  * wddx: double free corruption in wddx_deserialize (CVE-2016-5772)
  * zip: ZipArchive class use after free vulnerability in PHP's GC
    algorithm and unserialize (CVE-2016-5773)
- avoid-gcc-warnings-in-mbstring-extensions.patch: update (drop part
  added to upstream)

-------------------------------------------------------------------
Sat Dec 26 22:04:25 UTC 2015 - mike@mk-sys.cz

- update to version 5.6.16
  * phar: null pointer dereference in phar_get_fp_offset()
    (CVE-2015-7803)
  * phar: uninitialized pointer in phar_make_dirstream when zip entry
    filename is "/" (CVE-2015-7804)
  * various segfaults

-------------------------------------------------------------------
Wed Sep 30 19:49:50 UTC 2015 - mike@mk-sys.cz

- update to version 5.6.13
  * apache2handler: potential remote code execution with apache 2.4
    apache2handler (CVE-2015-3330)
  * opcache: use after free (CVE-2015-1351)
  * phar: buffer over-read in unserialize when parsing phar
    (CVE-2015-2783)
  * phar: buffer overflow when parsing tar/zip/phar in phar_set_inode
    (CVE-2015-3329)
  * postgres: null pointer dereference (CVE-2015-1352)
  * core: PHP Multipart/form-data remote dos Vulnerability
    (CVE-2015-4024)
  * core: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)
  * ftp: integer overflow in ftp_genlist() resulting in heap overflow
    (CVE-2015-4022)
  * pcntl: pcntl_exec() should not allow null char (CVE-2015-4026)
  * pcre: upgrade pcrelib to 8.37 (CVE-2015-2325 CVE-2015-2326)
  * phar: memory corruption in phar_parse_tarfile when entry filename
    starts with null (CVE-2015-4021)
  * core: OS command injection vulnerability in escapeshellarg
    (CVE-2015-4642)
  * ftp: integer overflow in ftp_genlist() resulting in heap overflow
    (CVE-2015-4643)
  * postgres: segfault in php_pgsql_meta_data (CVE-2015-4644)
  * sqlite3: upgrade bundled sqlite to 3.8.10.2 (CVE-2015-3414
    CVE-2015-3415 CVE-2015-3416)
  * mysqlnd: mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)
  * phar: segfault in Phar::convertToData on invalid file
    (CVE-2015-5589)
  * phar: buffer overflow and stack smashing error in
    phar_fix_filepath (CVE-2015-5590)
  * phar: files extracted from archive may be placed outside of
    destination directory (CVE-2015-6833)
  * spl: dangling pointer in the unserialization of ArrayObject items
    (CVE-2015-6832)
  * spl: use after free vulnerability in unserialize() with
    SPLArrayObject (CVE-2015-6831)
  * spl: use after free vulnerability in unserialize() with
    SplObjectStorage (CVE-2015-6831)
  * spl: use after free vulnerability in unserialize() with
    SplDoublyLinkedList (CVE-2015-6831)
  * core: use after free vulnerability in unserialize()
    (CVE-2015-6834)
  * core: use after free vulnerability in session deserializer
    (CVE-2015-6835)
  * soap: SOAP serialize_function_call() type confusion / RCE
    (CVE-2015-6836)
  * spl: use-after-free vulnerability in unserialize() with
    SplObjectStorage (CVE-2015-6834)
  * spl: use-after-free vulnerability in unserialize() with
    SplDoublyLinkedList (CVE-2015-6834)
  * xslt: null pointer dereference (CVE-2015-6837 CVE-2015-6838)

-------------------------------------------------------------------
Sun Mar 22 17:26:01 UTC 2015 - mike@mk-sys.cz

- initial checkin of PHP 5.6.7

-------------------------------------------------------------------