Path to this page:
Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/lang
From: Benny Siegert
Date: 2016-06-28 21:35:58
Message id: 20160628193558.26C86FBB5@cvs.NetBSD.org
Log Message:
Pullup ticket #5050 - requested by taca
lang/php55: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.139
- lang/php55/Makefile 1.27
- lang/php55/distinfo 1.54
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jun 24 15:23:00 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile distinfo
Log Message:
Update php55 to 5.5.37 (PHP 5.5.37), including security fixes.
pkgsrc change: remove confiugre from SUBST_FILES.path.
23 Jun 2016, PHP 5.5.37
- Core:
. Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- GD:
. Fixed bug #66387 (Stack overflow with imagefilltoborder) (CVE-2015-8874).
(cmb)
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow). (Pierre)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- zip:
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
Files: