On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote: > Dizzy is missing several CVE's and upgrading to a later version within the > same > series seems reasonable since most changes are bugfixes or Security releated. > > if you are ok with this approach, please Ack and I will stage this with the > next series of updates I am working on.
Looks good, except missing [ before "PATCH]" which breaks commit subject when cherry-picking from patchwor. > > - armin > > 18-Dec-2014 > Core: > Upgraded crypt_blowfish to version 1.3. > Fixed bug #68545 (NULL pointer dereference in unserialize.c). > Fixed bug #68594 (Use after free vulnerability in unserialize()). > (CVE-2014-8142) > > Mcrypt: > Fixed possible read after end of buffer and use after free. > > 13 Nov 2014 > Core: > Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in > zend_hash_copy). > Fileinfo: > Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). > (CVE-2014-3710) > GMP: > Fixed bug #63595 (GMP memory management conflicts with other libraries > using GMP). > PDO_pgsql: > Fixed bug #66584 (Segmentation fault on statement deallocation). > > 16 Oct 2014 > Fileinfo: > Fixed bug #66242 (libmagic: don't assume char is signed). > Core: > Fixed bug #67985 (Incorrect last used array index copied to new array > after unset). > Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). > (CVE-2014-3669) > cURL: > Fixed bug #68089 (NULL byte injection - cURL lib). > EXIF: > Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) > OpenSSL: > Reverted fixes for bug #41631, due to regressions. > XMLRPC: > Fixed bug #68027 (Global buffer overflow in mkgmtime() function). > (CVE-2014-3668) > > Signed-off-by: Armin Kuster <[email protected]> > --- > meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > rename meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} (97%) > > diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb > b/meta-oe/recipes-devtools/php/php_5.4.36.bb > similarity index 97% > rename from meta-oe/recipes-devtools/php/php_5.4.33.bb > rename to meta-oe/recipes-devtools/php/php_5.4.36.bb > index 6fdfe0f..43c7736 100644 > --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb > +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb > @@ -30,8 +30,8 @@ SRC_URI_append_class-target += " \ > file://php-fpm-apache.conf \ > " > > -SRC_URI[md5sum] = "c6878bb1cdb46bfc1e1a5cd67a024737" > -SRC_URI[sha256sum] = > "1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5" > +SRC_URI[md5sum] = "70e223be4bb460e465b7a9d7cb5b9cac" > +SRC_URI[sha256sum] = > "b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241" > > S = "${WORKDIR}/php-${PV}" > > -- > 1.9.1 > > -- > _______________________________________________ > Openembedded-devel mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- Martin 'JaMa' Jansa jabber: [email protected]
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
