-
Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.4.16-23.3
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
-
Tue Oct 21 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-23.2
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
-
Thu Sep 11 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-23.1
- gd: fix NULL pointer dereference in gdImageCreateFromXpm().
CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix extensive backtracking in regular expression
(incomplete fix for CVE-2013-7345). CVE-2014-3538
- fileinfo: fix mconvert incorrect handling of truncated
pascal string size. CVE-2014-3478
- fileinfo: fix cdf_read_property_info
(incomplete fix for CVE-2012-1571). CVE-2014-3587
- spl: fix use-after-free in ArrayIterator due to object
change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- network: fix segfault in dns_get_record
(incomplete fix for CVE-2014-4049). CVE-2014-3597
-
Fri Jun 13 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-23
- fileinfo: cdf_unpack_summary_info() excessive looping
DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
loop. CVE-2014-0238
- fileinfo: cdf_check_stream_offset insufficient boundary
check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check
CVE-2014-3480
- fileinfo: cdf_read_short_sector insufficient boundary
check. CVE-2014-0207
- fileinfo: cdf_read_property_info insufficient boundary
check. CVE-2014-3487
- fileinfo: fix extensive backtracking CVE-2013-7345
- core: type confusion issue in phpinfo(). CVE-2014-4721
- core: fix heap-based buffer overflow in DNS TXT record
parsing. CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage
type confusion flaw. CVE-2014-3515
-
Fri Mar 07 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-21
- fix out-of-bounds memory access in fileinfo CVE-2014-2270
-
Fri Feb 21 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-19
- fix memory leak introduce in patch for CVE-2014-1943
- fix heap-based buffer over-read in DateInterval CVE-2013-6712
-
Wed Feb 19 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-17
- fix infinite recursion in fileinfo CVE-2014-1943
-
Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 5.4.16-15
- Mass rebuild 2014-01-24
-
Wed Jan 15 2014 Honza Horak <hhorak@redhat.com> - 5.4.16-14
- Rebuild for mariadb-libs
Related: #1045013
-
Fri Jan 10 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-13
- build with -O3 on ppc64 #1051073