-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-3891 2013-03-16 00:32:03 --------------------------------------------------------------------------------
Name : php Product : Fedora 18 Version : 5.4.13 Release : 1.fc18 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. -------------------------------------------------------------------------------- Update Information: Upstream NEWS, 14 Mar 2012, PHP 5.4.13 Core: * Fixed bug #64235 (Insteadof not work for class method in 5.4.11). (Laruence) * Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell) * Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi) * Fixed bug #64070 (Inheritance with Traits failed with error). (Dmitry) CLI server: * Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi) Mbstring: * mb_split() can now handle empty matches like preg_split() does. (Moriyoshi) OpenSSL: * Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()). (Stas) PDO_mysql: * Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs). (Johannes) Phar: * Fixed timestamp update on Phar contents modification. (Dmitry) SOAP: * Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry) * Disabled external entities loading (CVE-2013-1643). (Dmitry) SPL: * Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence) * Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). (patch by [email protected], Laruence) * Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov) * Fixed bug #52861 (unset fails with ArrayObject and deep arrays). (Mike Willbanks) SNMP: * Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin) -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 14 2013 Remi Collet <[email protected]> 5.4.13-1 - update to 5.4.13 - security fix for CVE-2013-1643 - Hardened build (links with -z now option) - Remove %config from %{_sysconfdir}/rpm/macros.* (https://fedorahosted.org/fpc/ticket/259). * Wed Feb 20 2013 Remi Collet <[email protected]> 5.4.12-1 - update to 5.4.12 - security fix for CVE-2013-1635 - enable tokyocabinet dba handler - upstream patch (5.4.13) to fix dval to lval conversion https://bugs.php.net/64142 - upstream patch (5.4.13) for 2 failed tests - fix buit-in web server on ppc64 (fdset usage) https://bugs.php.net/64128 * Wed Jan 16 2013 Remi Collet <[email protected]> 5.4.11-1 - update to 5.4.11 - fix php.conf to allow MultiViews managed by php scripts * Wed Dec 19 2012 Remi Collet <[email protected]> 5.4.10-1 - update to 5.4.10 - remove patches merged upstream * Tue Dec 11 2012 Remi Collet <[email protected]> 5.4.9-3 - drop "Configure Command" from phpinfo output * Tue Dec 11 2012 Joe Orton <[email protected]> - 5.4.9-2 - prevent php_config.h changes across (otherwise identical) rebuilds -------------------------------------------------------------------------------- References: [ 1 ] Bug #918187 - CVE-2013-1643 php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files https://bugzilla.redhat.com/show_bug.cgi?id=918187 [ 2 ] Bug #918196 - CVE-2013-1635 php, php53: Arbitrary locations file write due absent validation of soap.wsdl_cache_dir configuration directive value https://bugzilla.redhat.com/show_bug.cgi?id=918196 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
