pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2015Q1] pkgsrc/lang



Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Apr 21 21:50:09 UTC 2015

Modified Files:
        pkgsrc/lang/php [pkgsrc-2015Q1]: phpversion.mk
        pkgsrc/lang/php54 [pkgsrc-2015Q1]: distinfo

Log Message:
Pullup ticket #4677 - requested by taca
lang/php54: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.94
- lang/php54/distinfo                                           1.56

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri Apr 17 16:39:56 UTC 2015

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php54: distinfo

   Log Message:
   Update php54 to 5.4.40.

   16 Apr 2015 PHP 5.4.40

   - Apache2handler:
     . Fixed bug #69218 (potential remote code execution with apache 2.4
       apache2handler). (Gerrit Venema)

   - Core:
     . Additional fix for bug #69152 (Type confusion vulnerability in
       exception::getTraceAsString). (Stas)
     . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
       vulnerability). (Stas)
     . Fixed bug #69353 (Missing null byte checks for paths in various PHP
       extensions). (Stas)

   - cURL:
     . Fixed bug #69316 (Use-after-free in php_curl related to
       CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

   - Ereg:
     . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)

   - Fileinfo:
     . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
       segfault). (Anatol Belski)

   - GD:
     . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)

   - Phar:
     . Fixed bug #68901 (use after free). (bugreports at internot dot info)
     . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
     . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
       phar_set_inode). (Stas)

   - Postgres:
     . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)

   - SOAP:
     . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
       with SoapFault). (Dmitry)

   - Sqlite3:
     . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)


To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.93.2.1 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.55 -r1.55.2.1 pkgsrc/lang/php54/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index