FEDORA-2015-1058 created by remi 6 years ago for Fedora 21
stable

22 Jan 2015, PHP 5.6.5

Core: * Upgraded crypt_blowfish to version 1.3. (Leigh) * Fixed bug #60704 (unlink() bug with some files path). * Fixed bug #65419 (Inside trait, self::class != CLASS). (Julien) * Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi) * Fixed bug #55541 (errors spawn MessageBox, which blocks test automation). (Anatol) * Fixed bug #68297 (Application Popup provides too few information). (Anatol) * Fixed bug #65769 (localeconv() broken in TS builds). (Anatol) * Fixed bug #65230 (setting locale randomly broken). (Anatol) * Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly). (Ferenc) * Fixed bug #68583 (Crash in timeout thread). (Anatol) * Fixed bug #65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com) * Fixed bug #68676 (Explicit Double Free). (Kalle) * Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231) (Stefan Esser)

CGI: * Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427) (Stas)

CLI server: * Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

cURL: * Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

Date: * Implemented FR #68268 (DatePeriod: Getter for start date, end date and interval). (Marc Bennewitz)

EXIF: * Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232) (Stas)

Fileinfo: * Fixed bug #68398 (msooxml matches too many archives). (Anatol) * Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski) * Fixed bug #68671 (incorrect expression in libmagic). (Joshua Rogers, Anatol Belski) * Removed readelf.c and related code from libmagic sources (Remi, Anatol) * Fixed bug #68735 (fileinfo out-of-bounds memory access). (Anatol)

FPM: * Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi) * Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

GD: * Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi) * Fixed request #68656 (Report gd library version). (Remi)

mbstring: * Fixed bug #68504 (--with-libmbfl configure option not present on Windows). (Ashesh Vashi)

Opcache: * Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache). (Laruence) * Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach loops). (Nikita)

OpenSSL: * Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)

pcntl: * Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien)

PCRE: * Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream). (Rainer Jung, Anatol Belski)

pgsql: * Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)

PDO: * Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi attribute names). (Matteo)

PDO_mysql: * Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option). (peter dot wolanin at acquia dot com)

SPL: * Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator). (Paul Garvin) * Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)

SQLite: * Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

Streams: * Fixed bug #68532 (convert.base64-encode omits padding bytes). (blaesius at krumedia dot de)

How to install

sudo dnf upgrade --advisory=FEDORA-2015-1058

This update has been submitted for testing by remi.

6 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/30562/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/30562/steps/runtask/logs/stdio (results are informative only)

work fine in CRUD operations :)

karma

This update is currently being pushed to the Fedora 21 testing updates repository.

6 years ago

This update has been pushed to testing

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago
User Icon bradw commented & provided feedback 6 years ago
karma

Personal LAMP and mail server running GNOME. All OK.

This update has been submitted for stable by remi.

6 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/34722/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/34721/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/34721/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

6 years ago

This update has been pushed to stable

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
modified
6 years ago
BZ#1178736 CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
0
0
BZ#1178740 CVE-2014-9427 php: out of bounds read when parsing a crafted .php file [fedora-all]
0
0
BZ#1185397 CVE-2015-0231 php: use after free vulnerability in unserialize() (inclomplete fix of CVE-2014-8142)
0
0
BZ#1185472 CVE-2015-0232 php: Free called on unitialized pointer in exif.c
0
0

Automated Test Results