Hello community,

here is the log from the commit of package php5 for openSUSE:Factory checked in at 2014-04-06 09:56:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/php5 (Old)
 and      /work/SRC/openSUSE:Factory/.php5.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5" Changes: -------- --- /work/SRC/openSUSE:Factory/php5/php5.changes 2014-03-20 06:53:28.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2014-04-06 09:56:23.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Apr 4 12:20:16 UTC 2014 - [email protected] + +- fixed CVE-2014-2497 [bnc#868624] + +------------------------------------------------------------------- New: ---- php5-5.5.10-CVE-2014-2497.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.zdNWZ7/_old 2014-04-06 09:56:24.000000000 +0200 +++ /var/tmp/diff_new_pack.zdNWZ7/_new 2014-04-06 09:56:24.000000000 +0200 @@ -176,6 +176,7 @@ Patch19: php5-big-file-upload.patch Patch20: php5-per-mod-log.patch Patch21: php5-apache24-updates.patch +Patch22: php5-5.5.10-CVE-2014-2497.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -1331,6 +1332,7 @@ %patch19 -p1 %patch20 -p1 %patch21 -p1 +%patch22 # Safety check for API version change. vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h` if test "x${vapi}" != "x%{apiver}"; then ++++++ php5-5.5.10-CVE-2014-2497.patch ++++++ Description: Patch to fix PHP bug 66901. Author: Andres Mejia <[email protected]> Forwarded: no Index: ext/gd/libgd/gdxpm.c =================================================================== --- ext/gd/libgd/gdxpm.c.orig 2014-02-05 11:00:36.000000000 +0100 +++ ext/gd/libgd/gdxpm.c 2014-04-04 14:06:15.991206709 +0200 
@@ -39,6 +39,14 @@ number = image.ncolors; colors = (int *) safe_emalloc(number, sizeof(int), 0); for (i = 0; i < number; i++) { + if (!image.colorTable[i].c_color) + { + /* unsupported color key or color key not defined */ + gdImageDestroy(im); + gdFree(colors); + im = 0; + goto done; + } switch (strlen (image.colorTable[i].c_color)) { case 4: buf[1] = '\0';
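Review bot: The php5.changes entry `- fixed CVE-2014-2497 [bnc#868624]` does not say which component is affected or which file carries the fix. Suggest naming the added patch (`php5-5.5.10-CVE-2014-2497.patch`) and the upstream reference given in its header (PHP bug 66901) in the entry, and revisiting the header's `Forwarded: no` once the fix has been sent upstream.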
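Review bot: In the second php5.spec hunk (`@@ -1331,6 +1332,7 @@`), `%patch22` is applied without a strip level while `%patch19` through `%patch21` directly above it all use `-p1`. The new patch's paths start at `ext/gd/libgd/gdxpm.c` with no leading directory component, so a different strip level is plausibly intended, but leaving it implicit makes the line read like an omission. Suggest stating the level explicitly, for example `%patch22 -p0`, so the intent is documented next to its neighbours.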
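Review bot: In the gdxpm.c hunk, the new early-exit path releases `colors` with `gdFree(colors)` although the context line just above allocates it with `safe_emalloc(number, sizeof(int), 0)`; please confirm that `gdFree` is the matching deallocator for that allocator in this tree, or free the buffer with the counterpart of `safe_emalloc`. The path also relies on the `done` label, which lies outside the hunk, to release the parsed XPM data and return `im`, so it is worth checking that `done` behaves correctly when reached with `im = 0` (and `NULL` would read better than `0` for a pointer). The NULL test itself is in the right place, ahead of the `strlen (image.colorTable[i].c_color)` call it protects.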
