NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/588 CVS commit: pkgsrc/lang



The following reply was made to PR bin/588; it has been noted by GNATS.

From: "Takahiro Kambe" <taca%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/588 CVS commit: pkgsrc/lang
Date: Sat, 31 May 2014 04:26:40 +0000

 Module Name:   pkgsrc
 Committed By:  taca
 Date:          Sat May 31 04:26:40 UTC 2014
 
 Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php55: Makefile.php distinfo
 
 Log Message:
 Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.
 
 29 May 2014, PHP 5.5.13
 
 - CLI server:
   . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
 
 - COM:
   . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
 
 - Core:
   . Fixed bug #65701 (copy() doesn't work when destination filename is created
     by tempnam()). (Boro Sitnikovski)
   . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
   . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
     zend_exceptions.c). (Bob)
   . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
   . Fixed bug #67249 (printf out-of-bounds read). (Stas)
   . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
   . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
 
 - Curl:
   . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
 
 - Date:
   . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
   . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
   . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
 
 - DOM:
   . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE 
tag,
     not only the subset). (Anatol)
 
 - Fileinfo:
   . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
   . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) 
(CVE-2014-0238).
   . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting 
in
     performance degradation) (CVE-2014-0237).
 
 - FPM:
   . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
     (Julio Pintos)
 
 - GD:
   . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
 
 - PCRE:
   . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
     from the upstream). (Anatol)
 
 - Phar:
   . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an 
accent
     in its name). (PR #588)
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.62 -r1.63 pkgsrc/lang/php/phpversion.mk
 cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php55/Makefile.php
 cvs rdiff -u -r1.21 -r1.22 pkgsrc/lang/php55/distinfo
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 


Home | Main Index | Thread Index | Old Index