[OpenWrt-Devel] [CC 15.05] php: Security update (7 CVEs)

jow at openwrt.org
Thu Jan 28 06:23:45 EST 2016


The php package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

5.6.8-1 => 5.6.17-1


CHANGELOG

[Sun, 24 Jan 2016 21:47:52 +0100 18d121b]

Update to 5.6.17

Fixes CVE-2016-1903.

[Wed, 23 Dec 2015 16:00:14 -0500 766cfcc]

Update to 5.6.16

[Wed, 23 Dec 2015 16:00:04 -0500 41f541b]

Update to 5.6.15

[Wed, 23 Dec 2015 15:59:54 -0500 0df349f]

Update to 5.6.14

[Wed, 23 Dec 2015 15:59:43 -0500 196b622]

Update to 5.6.13

[Wed, 23 Dec 2015 15:59:32 -0500 1cbcdf7]

Fix the two different maintainer fields into one (fixes #1688)

[Wed, 23 Dec 2015 15:59:21 -0500 9bbdad4]

Update to 5.6.12

[Wed, 23 Dec 2015 15:59:10 -0500 6cba0bf]

This fixes the following CVEs:
 - in PCRE: CVE-2015-2325, CVE-2015-2326
 - in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416

[Wed, 23 Dec 2015 15:58:46 -0500 559df39]

This fixes CVE-2006-7243, a multipart/form-data remote DoS
vulnerability, a heap buffer overflow in unpack and an integer overflow
in ftp_genlist, which also results in a heap overflow. For more details,
see http://php.net/ChangeLog-5.php#5.6.9

Also sync the timezone patch with latest version from Debian and adopt
this patch for the changes in this php release.

Refresh 950-Fix-dl-cross-compiling-issue.patch.

[Wed, 23 Dec 2015 15:58:27 -0500 f0a0448]

This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extensions, this is a Zend module and it needs a
little workaround during cross-compiling.

[Wed, 23 Dec 2015 15:57:57 -0500 f04165e]

Pecl: move phpize into prepare stage

This allows pecl modules to rely on PKG_FIXUP:=autoreconf.


CHANGES

 lang/php5/Makefile                            |   24 ++-
 lang/php5/files/php.ini                       |   10 ++
 ...bian_patches_use_embedded_timezonedb.patch |  136 ++++++++------
 ...xt-opcache-fix-detection-of-shm-mmap.patch |  159 +++++++++++++++++
 .../950-Fix-dl-cross-compiling-issue.patch    |   23 ++-
 lang/php5/pecl.mk                             |    7 +-
 6 files changed, 277 insertions(+), 82 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
 * https://github.com/openwrt/packages/commit/f04165e4e0ddf7f9e62321f808d27aafd7631007
 * https://github.com/openwrt/packages/commit/f0a0448857e04884a7ad2ae5534ac2b2cb3948fc
 * https://github.com/openwrt/packages/commit/559df398ffc86fe386db79a937c61235c4b45ce0
 * https://github.com/openwrt/packages/commit/6cba0bf5454034b9ac7e6dcf917ebefc75d9bb8e
 * https://github.com/openwrt/packages/commit/9bbdad4ed72559aa03ccd024d5a49aae12d6a2c6
 * https://github.com/openwrt/packages/commit/1cbcdf7f9e2aad526e0a59247525321aefa25234
 * https://github.com/openwrt/packages/commit/196b622bd660384adecfd75959e0111ba34fe5f6
 * https://github.com/openwrt/packages/commit/0df349f8df0fbc5272b909fad1320f64de622884
 * https://github.com/openwrt/packages/commit/41f541bd267969d7676571be56f8c1a5c71e5257
 * https://github.com/openwrt/packages/commit/766cfcc77f3be9152e818dc5703204b607a5a405
 * https://github.com/openwrt/packages/commit/18d121b8542cff9734ac35bf1986bc1e3dbf7c05