[ol7_latest_archive] php-mysql-5.4.16-36.1.el7_2.1.x86_64

Name:	php-mysql
Version:	5.4.16
Release:	36.1.el7_2.1
Architecture:	x86_64
Group:	Development/Languages
Size:	237259
License:	PHP
RPM:	php-mysql-5.4.16-36.1.el7_2.1.x86_64.rpm
Source RPM:	php-5.4.16-36.1.el7_2.1.src.rpm
Build Date:	Thu May 12 2016
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://www.php.net/
Summary:	A module for PHP applications that use MySQL databases
Description:	The php-mysql package contains a dynamic shared object that will add MySQL database support to PHP. MySQL is an object-relational database management system. PHP is an HTML-embeddable scripting language. If you need MySQL support for PHP applications, you will need to install this package and the php package.

Changelog (Show File list) (Show related packages)

Mon Apr 04 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-36.1
```
- session: fix segfault in session with rfc1867 #1323643
```

Wed Jun 10 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-36

- fix more functions accept paths with NUL character #1213407

Fri Jun 05 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-35

- core: fix multipart/form-data request can use excessive
  amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character
  CVE-2015-4025, CVE-2015-4026, #1213407
- fileinfo: fix denial of service when processing a crafted
  file #1213442
- ftp: fix integer overflow leading to heap overflow when
  reading FTP file listing CVE-2015-4022
- phar: fix buffer over-read in metadata parsing CVE-2015-2783
- phar: invalid pointer free() in phar_tar_process_metadata()
  CVE-2015-3307
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
- phar: fix memory corruption in phar_parse_tarfile caused by
  empty entry file name CVE-2015-4021
- soap: fix type confusion through unserialize #1222538
- apache2handler: fix pipelined request executed in deinitialized
  interpreter under httpd 2.4 CVE-2015-3330

Thu Apr 16 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-34

- fix memory corruption in fileinfo module on big endian
  machines #1082624
- fix segfault in pdo_odbc on x86_64 #1159892
- fix segfault in gmp allocator #1154760

Fri Apr 10 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-33

- core: use after free vulnerability in unserialize()
  CVE-2014-8142 and CVE-2015-0231
- core: fix use-after-free in unserialize CVE-2015-2787
- core: fix NUL byte injection in file name argument of
  move_uploaded_file() CVE-2015-2348
- date: use after free vulnerability in unserialize CVE-2015-0273
- enchant: fix heap buffer overflow in enchant_broker_request_dict
  CVE-2014-9705
- exif: free called on unitialized pointer CVE-2015-0232
- fileinfo: fix out of bounds read in mconvert CVE-2014-9652
- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709
- phar: use after free in phar_object.c CVE-2015-2301
- soap: fix type confusion through unserialize

Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.4.16-31

- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710

Tue Oct 21 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-29

- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

Fri Sep 12 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-27

- gd: fix NULL pointer dereference in gdImageCreateFromXpm().
  CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix extensive backtracking in regular expression
  (incomplete fix for CVE-2013-7345). CVE-2014-3538
- fileinfo: fix mconvert incorrect handling of truncated
  pascal string size. CVE-2014-3478
- fileinfo: fix cdf_read_property_info
  (incomplete fix for CVE-2012-1571). CVE-2014-3587
- spl: fix use-after-free in ArrayIterator due to object
  change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- network: fix segfault in dns_get_record
  (incomplete fix for CVE-2014-4049). CVE-2014-3597

Thu Aug 21 2014 Jan Kaluza <jkaluza@redhat.com> - 5.4.16-25

- fix segfault after startup on aarch64 (#1107567)
- compile php with -O3 on ppc64le (#1123499)

Fri Jun 13 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-23

- fileinfo: cdf_unpack_summary_info() excessive looping
  DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
  loop. CVE-2014-0238
- fileinfo: cdf_check_stream_offset insufficient boundary
  check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check
  CVE-2014-3480
- fileinfo: cdf_read_short_sector insufficient boundary
  check. CVE-2014-0207
- fileinfo: cdf_read_property_info insufficient boundary
  check. CVE-2014-3487
- fileinfo: fix extensive backtracking CVE-2013-7345
- core: type confusion issue in phpinfo(). CVE-2014-4721
- core: fix heap-based buffer overflow in DNS TXT record
  parsing. CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage
  type confusion flaw. CVE-2014-3515