[ol7_software_collections] php55-php-devel-5.5.21-2.el7.x86_64

The php55-php-devel package contains the files needed for building PHP
extensions. If you need to compile your own PHP extensions, you will
need to install this package.

Changelog (Show File list) (Show related packages)

• Tue Apr 14 2015 Remi Collet <rcollet@redhat.com> - 5.5.21-2

  - core: fix use-after-free vulnerability in the
    process_nested_data function (unserialize) CVE-2015-2787
  - core: fix NUL byte injection in file name argument of
    move_uploaded_file() CVE-2015-2348
  - date: fix use after free vulnerability in unserialize()
    with DateTimeZone CVE-2015-0273
  - enchant: fix  heap buffer overflow in
    enchant_broker_request_dict() CVE-2014-9705
  - ereg: fix heap overflow in regcomp() CVE-2015-2305
  - opcache: fix use after free CVE-2015-1351
  - phar: fix use after free in phar_object.c CVE-2015-2301
  - pgsql: fix NULL pointer dereference CVE-2015-1352
  - soap: fix type confusion through unserialize #1204868

• Thu Jan 22 2015 Remi Collet <rcollet@redhat.com> - 5.5.21-1

  - rebase to PHP 5.5.21

• Tue Dec 23 2014 Remi Collet <rcollet@redhat.com> - 5.5.20-1

  - rebase to PHP 5.5.20 #1057089
  - fix package name in description
  - php-fpm own session and wsdlcache dir
  - php-common doesn't provide php-gmp

• Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.5.6-13

  - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710

• Mon Oct 20 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-12

  - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
  - core: fix integer overflow in unserialize() CVE-2014-3669
  - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

• Wed Oct 08 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-11

  - gd: fix NULL pointer dereference in gdImageCreateFromXpm().
    CVE-2014-2497
  - gd: fix NUL byte injection in file names. CVE-2014-5120
  - core: fix heap-based buffer overflow in DNS TXT record
    parsing. CVE-2014-4049
  - network: fix segfault in dns_get_record
    (incomplete fix for CVE-2014-4049). CVE-2014-3597
  - core: unserialize() SPL ArrayObject / SPLObjectStorage
    type confusion flaw. CVE-2014-3515
  - core: type confusion issue in phpinfo(). CVE-2014-4721
  - spl: fix use-after-free in ArrayIterator due to object
    change during sorting. CVE-2014-4698
  - spl: fix use-after-free in SPL Iterators. CVE-2014-4670
  - fileinfo: cdf_unpack_summary_info() excessive looping
    DoS. CVE-2014-0237
  - fileinfo: CDF property info parsing nelements infinite
    loop. CVE-2014-0238
  - fileinfo: cdf_read_short_sector insufficient boundary
    check. CVE-2014-0207
  - fileinfo: fix extensive backtracking in regular expression
    (incomplete fix for CVE-2013-7345). CVE-2014-3538
  - fileinfo: cdf_check_stream_offset insufficient boundary
    check. CVE-2014-3479
  - fileinfo: cdf_count_chain insufficient boundary check
    CVE-2014-3480
  - fileinfo: fix mconvert incorrect handling of truncated
    pascal string size. CVE-2014-3478
  - fileinfo: cdf_read_property_info insufficient boundary
    check. CVE-2014-3487
  - fileinfo: fix cdf_read_property_info
    (incomplete fix for CVE-2012-1571). CVE-2014-3587

• Tue May 13 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-10

  - fileinfo: fix out-of-bounds memory access CVE-2014-2270
  - fileinfo: fix extensive backtracking CVE-2013-7345

• Fri Mar 21 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-9

  - gd: fix NULL deref in imagecrop CVE-2013-7327
  - gd: drop vpx support, fix huge memory consumption #1075201

• Fri Feb 21 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-8

  - fix patch name
  - fix memory leak introduce in patch for CVE-2014-1943
  - fix heap-based buffer over-read in DateInterval CVE-2013-6712

• Wed Feb 19 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-7

  - fix infinite recursion in fileinfo CVE-2014-1943