-
Mon Feb 15 2016 Remi Collet <rcollet@redhat.com> - 5.6.5-8
- Phar: fix segmentation fault in Phar::convertToData on
invalid file CVE-2015-5589
- Phar: fix buffer overflow and stack smashing error in
phar_fix_filepath CVE-2015-5590
- Phar: fix files from archive can be extracted outside of
destination directory using phar CVE-2015-6833
- Phar: NULL pointer dereference in phar_get_fp_offset()
CVE-2015-7803
- Phar: uninitialized pointer in phar_make_dirstream()
CVE-2015-7804
- Xslt: fix NULL pointer dereference in XSLTProcessor class
CVE-2015-6837 CVE-2015-6838
- Core: fix use-after-free vulnerability in session
deserializer CVE-2015-6835
- Core: fix multiple unserialization use-after-free issues
CVE-2015-6834
- Spl: fix dangling pointer in the unserialization of
ArrayObject items CVE-2015-6832
- Spl: fix Use After Free Vulnerability in unserialize()
CVE-2015-6831
- Soap: fix type confusion in SOAP serialize_function_call()
CVE-2015-6836
-
Wed Jun 10 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-7
- fix more functions accept paths with NUL character #1213407
-
Tue Jun 09 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-6
- core: fix multipart/form-data request can use excessive
amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character
CVE-2015-4025, CVE-2015-4026, #1213407
- fileinfo: fix denial of service when processing a crafted
file #1213442
- ftp: fix integer overflow leading to heap overflow when
reading FTP file listing CVE-2015-4022
- phar: fix buffer over-read in metadata parsing CVE-2015-2783
- phar: invalid pointer free() in phar_tar_process_metadata()
CVE-2015-3307
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
- phar: fix memory corruption in phar_parse_tarfile caused by
empty entry file name CVE-2015-4021
- pgsql: fix NULL pointer dereference CVE-2015-1352
- soap: fix type confusion through unserialize #1222538
- apache2handler: fix pipelined request executed in deinitialized
interpreter under httpd 2.4 CVE-2015-3330
-
Fri Apr 17 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-5
- mod_php: filter libphp5.so out of provides #1212726
- fpm: fix incorrect selinux contexts #1194337
-
Wed Apr 15 2015 Remi Collet <rcollet@redhat.com> - 5.6.5-4
- core: fix use-after-free vulnerability in the
process_nested_data function (unserialize) CVE-2015-2787
- core: fix NUL byte injection in file name argument of
move_uploaded_file() CVE-2015-2348
- date: fix use after free vulnerability in unserialize()
with DateTimeZone CVE-2015-0273
- enchant: fix heap buffer overflow in
enchant_broker_request_dict() CVE-2014-9705
- ereg: fix heap overflow in regcomp() CVE-2015-2305
- opcache: fix use after free CVE-2015-1351
- phar: fix use after free in phar_object.c CVE-2015-2301
- pgsql: fix NULL pointer dereference CVE-2015-1352
- soap: fix type confusion through unserialize #1204868
- zip: integer overflow when processing ZIP archives CVE-2015-2331
-
Mon Mar 16 2015 Remi Collet <rcollet@redhat.com> 5.6.5-3
- rebuild to remove scls directory #1200056
-
Wed Jan 28 2015 Remi Collet <rcollet@redhat.com> 5.6.5-2
- fix unowned dir in register.content
-
Mon Jan 26 2015 Remi Collet <rcollet@redhat.com> 5.6.5-1
- Update to 5.6.5
http://www.php.net/releases/5_6_5.php
- FPM: enable ACL for Unix Domain Socket
- Embdded: filter requires for libphp5-5.6.so
- add register.content
-
Tue Jan 20 2015 Remi Collet <rcollet@redhat.com> 5.6.4-1
- standard build
- fix php-fpm.service.d location
-
Wed Jan 14 2015 Remi Collet <rcollet@redhat.com> 5.6.4-0
- initial package for rh-php56 in RHSCL-2.0
- bootstrap build