stable

php-5.6.7-2.fc22

FEDORA-2015-4255 created by remi 10 years ago for Fedora 22

19 Mar 2015, PHP 5.6.7

Core: * Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence) * Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence) * Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net) * Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike) * Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com) * Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus) * Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com) * Fixed bug #68976 (Use After Free Vulnerability in unserialize()) (CVE-2015-0231). (Stas) * Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski) * Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)

CGI: * Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)

CLI: * Fixed bug #67741 (auto_prepend_file messes up LINE). (Reeze Xia)

cURL: * Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell) * Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)

Ereg: * Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305). (Stas)

FPM: * Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)

ODBC: * Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)

Opcache: * Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). (Dmitry, Laruence) * Fixed bug #69125 (Array numeric string as key). (Laruence) * Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)

OpenSSL: * Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence) * Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman) * Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey) * Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey) * Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey) * Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey) * Fixed bug (#69195 Inconsistent stream crypto values across versions) (Daniel Lowrey)

pgsql: * Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)

Readline: * Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)

SOAP: * Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence)

SPL: * Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence) * Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)

ZIP: * Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Stas)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-4255

This update has been submitted for testing by remi.

10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/49577/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/49577/steps/runtask/logs/stdio (results are informative only)

test

This update is currently being pushed to the Fedora 22 testing updates repository.

10 years ago

test

This update has been pushed to testing

10 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

This update has been submitted for stable by remi.

10 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/51280/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/51281/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/51281/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please log in to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
modified
10 years ago
BZ#1204868 php: SoapClient's __call() type confusion through unserialize()
0
0
BZ#1204869 php: SoapClient's __call() type confusion through unserialize() [fedora-all]
0
0

Automated Test Results