meta-openembedded

mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00

History

Armin Kuster 3ee3d05ce3 php5: update to later minor version 5.4.36 Dizzy is missing several CVE's and upgrading to a later version within the same series seems reasonable since most changes are bugfixes or Security releated. if you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on. - armin 18-Dec-2014 Core: Upgraded crypt_blowfish to version 1.3. Fixed bug #68545 (NULL pointer dereference in unserialize.c). Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) Mcrypt: Fixed possible read after end of buffer and use after free. 13 Nov 2014 Core: Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). Fileinfo: Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) GMP: Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). PDO_pgsql: Fixed bug #66584 (Segmentation fault on statement deallocation). 16 Oct 2014 Fileinfo: Fixed bug #66242 (libmagic: don't assume char is signed). Core: Fixed bug #67985 (Incorrect last used array index copied to new array after unset). Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) cURL: Fixed bug #68089 (NULL byte injection - cURL lib). EXIF: Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) OpenSSL: Reverted fixes for bug #41631, due to regressions. XMLRPC: Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>	2015-01-12 15:39:21 +01:00
..
php	php: update to 5.4.33	2014-10-10 12:47:34 +02:00
php_5.4.36.bb	php5: update to later minor version 5.4.36	2015-01-12 15:39:21 +01:00

Armin Kuster 3ee3d05ce3 php5: update to later minor version 5.4.36

Dizzy is missing several CVE's and upgrading to a later version within the same
series seems reasonable since most changes are bugfixes or Security releated.

if you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on.

- armin

18-Dec-2014
Core:
    Upgraded crypt_blowfish to version 1.3.
    Fixed bug #68545 (NULL pointer dereference in unserialize.c).
    Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)

Mcrypt:
    Fixed possible read after end of buffer and use after free.

13 Nov 2014
Core:
    Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
Fileinfo:
    Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
GMP:
    Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
PDO_pgsql:
    Fixed bug #66584 (Segmentation fault on statement deallocation).

16 Oct 2014
Fileinfo:
    Fixed bug #66242 (libmagic: don't assume char is signed).
Core:
    Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
    Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
cURL:
    Fixed bug #68089 (NULL byte injection - cURL lib).
EXIF:
    Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
OpenSSL:
    Reverted fixes for bug #41631, due to regressions.
XMLRPC:
    Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

2015-01-12 15:39:21 +01:00

php

php: update to 5.4.33

2014-10-10 12:47:34 +02:00

php_5.4.36.bb

php5: update to later minor version 5.4.36

2015-01-12 15:39:21 +01:00