-
Tue Jan 23 2018 Remi Collet <rcollet@redhat.com> - 5.4.16-45
- gd: fix buffer over-read into uninitialized memory CVE-2017-7890
-
Thu Oct 12 2017 Remi Collet <rcollet@redhat.com> - 5.4.16-44
- fix php should provide php(httpd) #1215429
- fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010
default value is "yes", preserving previous behaviour
- openssl: fix default_socket_timeout does not work with SSL #1378196
-
Wed Oct 04 2017 Remi Collet <rcollet@redhat.com> - 5.4.16-43
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168
-
Fri Aug 05 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-42
- bz2: fix improper error handling in bzread() CVE-2016-5399
-
Mon Aug 01 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-41
- gd: fix integer overflow in _gd2GetHeader() resulting in
heap overflow CVE-2016-5766
- gd: fix integer overflow in gdImagePaletteToTrueColor()
resulting in heap overflow CVE-2016-5767
- mbstring: fix double free in _php_mb_regex_ereg_replace_exec
CVE-2016-5768
-
Fri Jul 22 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-40
- don't set environmental variable based on user supplied Proxy
request header CVE-2016-5385
-
Wed Jun 15 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-39
- fix segmentation fault in header_register_callback #1344578
-
Mon May 30 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-38
- curl: add options to enable TLS #1291667
- mysqli: fix segfault in mysqli_stmt::bind_result() when
link is closed #1096800
- fpm: fix incorrectly defined SCRIPT_NAME variable when
using Apache #1138563
- core: fix segfault when a zend_extension is loaded twice #1289457
- openssl: change default_md algo from MD5 to SHA1 #1073388
- wddx: fix segfault in php_wddx_serialize_var #1131979
-
Mon Apr 04 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-37
- session: fix segfault in session with rfc1867 #1297179
-
Wed Jun 10 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-36
- fix more functions accept paths with NUL character #1213407