[ol7_software_collections] php55-php-mbstring-5.5.21-2.el7.x86_64

The php55-php-mbstring package contains a dynamic shared object that will add
support for multi-byte string handling to PHP.

Changelog (Show File list) (Show related packages)

• Tue Apr 14 2015 Remi Collet <rcollet@redhat.com> - 5.5.21-2

  - core: fix use-after-free vulnerability in the
    process_nested_data function (unserialize) CVE-2015-2787
  - core: fix NUL byte injection in file name argument of
    move_uploaded_file() CVE-2015-2348
  - date: fix use after free vulnerability in unserialize()
    with DateTimeZone CVE-2015-0273
  - enchant: fix  heap buffer overflow in
    enchant_broker_request_dict() CVE-2014-9705
  - ereg: fix heap overflow in regcomp() CVE-2015-2305
  - opcache: fix use after free CVE-2015-1351
  - phar: fix use after free in phar_object.c CVE-2015-2301
  - pgsql: fix NULL pointer dereference CVE-2015-1352
  - soap: fix type confusion through unserialize #1204868

• Thu Jan 22 2015 Remi Collet <rcollet@redhat.com> - 5.5.21-1

  - rebase to PHP 5.5.21

• Tue Dec 23 2014 Remi Collet <rcollet@redhat.com> - 5.5.20-1

  - rebase to PHP 5.5.20 #1057089
  - fix package name in description
  - php-fpm own session and wsdlcache dir
  - php-common doesn't provide php-gmp

• Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.5.6-13

  - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710

• Mon Oct 20 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-12

  - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
  - core: fix integer overflow in unserialize() CVE-2014-3669
  - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

• Wed Oct 08 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-11

  - gd: fix NULL pointer dereference in gdImageCreateFromXpm().
    CVE-2014-2497
  - gd: fix NUL byte injection in file names. CVE-2014-5120
  - core: fix heap-based buffer overflow in DNS TXT record
    parsing. CVE-2014-4049
  - network: fix segfault in dns_get_record
    (incomplete fix for CVE-2014-4049). CVE-2014-3597
  - core: unserialize() SPL ArrayObject / SPLObjectStorage
    type confusion flaw. CVE-2014-3515
  - core: type confusion issue in phpinfo(). CVE-2014-4721
  - spl: fix use-after-free in ArrayIterator due to object
    change during sorting. CVE-2014-4698
  - spl: fix use-after-free in SPL Iterators. CVE-2014-4670
  - fileinfo: cdf_unpack_summary_info() excessive looping
    DoS. CVE-2014-0237
  - fileinfo: CDF property info parsing nelements infinite
    loop. CVE-2014-0238
  - fileinfo: cdf_read_short_sector insufficient boundary
    check. CVE-2014-0207
  - fileinfo: fix extensive backtracking in regular expression
    (incomplete fix for CVE-2013-7345). CVE-2014-3538
  - fileinfo: cdf_check_stream_offset insufficient boundary
    check. CVE-2014-3479
  - fileinfo: cdf_count_chain insufficient boundary check
    CVE-2014-3480
  - fileinfo: fix mconvert incorrect handling of truncated
    pascal string size. CVE-2014-3478
  - fileinfo: cdf_read_property_info insufficient boundary
    check. CVE-2014-3487
  - fileinfo: fix cdf_read_property_info
    (incomplete fix for CVE-2012-1571). CVE-2014-3587

• Tue May 13 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-10

  - fileinfo: fix out-of-bounds memory access CVE-2014-2270
  - fileinfo: fix extensive backtracking CVE-2013-7345

• Fri Mar 21 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-9

  - gd: fix NULL deref in imagecrop CVE-2013-7327
  - gd: drop vpx support, fix huge memory consumption #1075201

• Fri Feb 21 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-8

  - fix patch name
  - fix memory leak introduce in patch for CVE-2014-1943
  - fix heap-based buffer over-read in DateInterval CVE-2013-6712

• Wed Feb 19 2014 Remi Collet <rcollet@redhat.com> - 5.5.6-7

  - fix infinite recursion in fileinfo CVE-2014-1943