Path to this page:
Subject: CVS commit: [pkgsrc-2015Q2] pkgsrc/lang
From: Matthias Scheler
Date: 2015-08-12 22:12:29
Message id: 20150812201229.685CA98@cvs.netbsd.org
Log Message:
Pullup ticket #4791 - requested by taca
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.107
- lang/php55/distinfo 1.44
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 8 00:12:22 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: distinfo
Log Message:
Update php55 to 5.5.28.
06 Aug 2015, PHP 5.5.28
- Core:
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- OpenSSL:
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
Files: