NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/588 CVS commit: [pkgsrc-2014Q1] pkgsrc/lang

The following reply was made to PR bin/588; it has been noted by GNATS.

From: "Matthias Scheler" <>
Subject: PR/588 CVS commit: [pkgsrc-2014Q1] pkgsrc/lang
Date: Mon, 2 Jun 2014 15:51:10 +0000

 Module Name:   pkgsrc
 Committed By:  tron
 Date:          Mon Jun  2 15:51:10 UTC 2014
 Modified Files:
        pkgsrc/lang/php [pkgsrc-2014Q1]:
        pkgsrc/lang/php54 [pkgsrc-2014Q1]: Makefile.php distinfo
 Log Message:
 Pullup ticket #4428 - requested by taca
 lang/php54: security update
 Revisions pulled up:
 - lang/php/                                        1.64
 - lang/php54/Makefile.php                                       1.8
 - lang/php54/distinfo                                           1.40
    Module Name:        pkgsrc
    Committed By:       taca
    Date:               Sat May 31 04:28:57 UTC 2014
    Modified Files:
        pkgsrc/lang/php54: Makefile.php distinfo
    Log Message:
    Update php54 to 5.4.29, contains fix for CVE-2014-0237 and CVE-2014-0238.
    29 May 2014, PHP 5.4.29
    - COM:
      . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). 
    - Core:
      . Fixed bug #65701 (copy() doesn't work when destination filename is 
        by tempnam()). (Boro Sitnikovski)
      . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
      . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
        zend_exceptions.c). (Bob)
      . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
      . Fixed bug #67249 (printf out-of-bounds read). (Stas)
      . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
      . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
    - Date:
      . Fixed bug #67118 (DateTime constructor crash with invalid data). 
      . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
      . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). 
    - DOM:
      . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire 
        not only the subset). (Anatol)
     - Fileinfo:
       . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
       . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
       . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls 
resulting in
         performance degradation). (CVE-2014-0237)
    - FPM:
      . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
        (Julio Pintos)
    - Phar:
      . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an 
        in its name). (PR #588)
 To generate a diff of this commit:
 cvs rdiff -u -r1.58.2.2 -r1.58.2.3 pkgsrc/lang/php/
 cvs rdiff -u -r1.6.6.1 -r1.6.6.2 pkgsrc/lang/php54/Makefile.php
 cvs rdiff -u -r1.36.2.1 -r1.36.2.2 pkgsrc/lang/php54/distinfo
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index