-
Tue Oct 29 2019 Remi Collet <rcollet@redhat.com> - 7.0.27-2
- fix underflow in env_path_info in fpm_main.c CVE-2019-11043
-
Thu Jan 04 2018 Remi Collet <rcollet@redhat.com> - 7.0.27-1
- rebase to 7.0.27 #1518843
- improve check for valid tz file (tzdata patch v14)
-
Wed Nov 02 2016 Remi Collet <rcollet@redhat.com> - 7.0.10-2
- fix definition of php_* macros #1390885
-
Tue Sep 06 2016 Remi Collet <rcollet@redhat.com> - 7.0.10-1
- rebase to 7.0.10 #1365397
- fix default include_path
-
Thu Jul 21 2016 Remi Collet <rcollet@redhat.com> - 7.0.9-1
- update to 7.0.9 for RHSCL 2.3
-
Mon Feb 15 2016 Remi Collet <rcollet@redhat.com> - 5.6.5-8
- Phar: fix segmentation fault in Phar::convertToData on
invalid file CVE-2015-5589
- Phar: fix buffer overflow and stack smashing error in
phar_fix_filepath CVE-2015-5590
- Phar: fix files from archive can be extracted outside of
destination directory using phar CVE-2015-6833
- Phar: NULL pointer dereference in phar_get_fp_offset()
CVE-2015-7803
- Phar: uninitialized pointer in phar_make_dirstream()
CVE-2015-7804
- Xslt: fix NULL pointer dereference in XSLTProcessor class
CVE-2015-6837 CVE-2015-6838
- Core: fix use-after-free vulnerability in session
deserializer CVE-2015-6835
- Core: fix multiple unserialization use-after-free issues
CVE-2015-6834
- Spl: fix dangling pointer in the unserialization of
ArrayObject items CVE-2015-6832
- Spl: fix Use After Free Vulnerability in unserialize()
CVE-2015-6831
- Soap: fix type confusion in SOAP serialize_function_call()
CVE-2015-6836
-
Wed Jun 10 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-7
- fix more functions accept paths with NUL character #1213407
-
Tue Jun 09 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-6
- core: fix multipart/form-data request can use excessive
amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character
CVE-2015-4025, CVE-2015-4026, #1213407
- fileinfo: fix denial of service when processing a crafted
file #1213442
- ftp: fix integer overflow leading to heap overflow when
reading FTP file listing CVE-2015-4022
- phar: fix buffer over-read in metadata parsing CVE-2015-2783
- phar: invalid pointer free() in phar_tar_process_metadata()
CVE-2015-3307
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
- phar: fix memory corruption in phar_parse_tarfile caused by
empty entry file name CVE-2015-4021
- pgsql: fix NULL pointer dereference CVE-2015-1352
- soap: fix type confusion through unserialize #1222538
- apache2handler: fix pipelined request executed in deinitialized
interpreter under httpd 2.4 CVE-2015-3330
-
Fri Apr 17 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-5
- mod_php: filter libphp5.so out of provides #1212726
- fpm: fix incorrect selinux contexts #1194337
-
Wed Apr 15 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-4
- core: fix use-after-free vulnerability in the
process_nested_data function (unserialize) CVE-2015-2787
- core: fix NUL byte injection in file name argument of
move_uploaded_file() CVE-2015-2348
- date: fix use after free vulnerability in unserialize()
with DateTimeZone CVE-2015-0273
- enchant: fix heap buffer overflow in
enchant_broker_request_dict() CVE-2014-9705
- ereg: fix heap overflow in regcomp() CVE-2015-2305
- opcache: fix use after free CVE-2015-1351
- phar: fix use after free in phar_object.c CVE-2015-2301
- pgsql: fix NULL pointer dereference CVE-2015-1352
- soap: fix type confusion through unserialize #1204868
- zip: integer overflow when processing ZIP archives CVE-2015-2331