OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.11.2 2017-01-12T08:11:26+00:00 2017-01-12T08:11:26+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-01-09T17:13:34+00:00 urn:sha1:7f4c1ac310db1f5681501cec79bf76dea47f0b41 Fixed CVEs: - CVE-2016-9933 (imagefilltoborder stackoverflow on truecolor images) http://bugs.php.net/72696 - CVE-2016-9934 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow) http://bugs.php.net/73331 Full ChangeLog: http://php.net/ChangeLog-7.php#7.1.0 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit e470b3fde7fe7e69fc5ec57fe8a5c8a4cd66c8cc) 2016-12-19T22:00:23+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-12-09T12:47:30+00:00 urn:sha1:0757d8db1cd979fe6653870beec9733ff1653eef Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 2483170d3258ee3e805ead6f0ebafe9fc6765c19) 2016-10-14T07:26:35+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-10-13T22:39:26+00:00 urn:sha1:384e00515ba9b9d133998c3943889fb31ce59c4e See http://www.php.net/ChangeLog-7.php#7.0.12 since there are no CVEs out yet. And drop upstream patch. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-17T12:05:41+00:00 Tatsuyuki Ishi ishitatsuyuki@gmail.com 2016-09-17T11:59:24+00:00 urn:sha1:82cc7ecf9f4626eb5458bc476cd3f0a1ae312e94 Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-07-21T11:55:57+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-07-21T11:23:07+00:00 urn:sha1:ac43e455fe37a872398fc6552d39aed3cd84009e Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-06-26T12:58:07+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-06-25T22:48:37+00:00 urn:sha1:a342452641bc364634eae0b9b97bb12d2b6d4edd Changelog is available here: http://php.net/ChangeLog-7.php#7.0.8 Fixes CVE-2015-8874 http://bugs.php.net/66387 Fixes CVE-2016-5766 http://bugs.php.net/72339 Fixes CVE-2016-5767 http://bugs.php.net/72446 Fixes CVE-2016-5768 http://bugs.php.net/72402 Fixes CVE-2016-5769 http://bugs.php.net/72455 Fixes CVE-2016-5772 http://bugs.php.net/72340 Fixes CVE-2016-5773 http://bugs.php.net/72434 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-06-01T15:08:48+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-06-01T10:21:36+00:00 urn:sha1:b9a0903cfeec867b80bd646903af3f149eeefc4e Fixes CVE-2013-7456 https://bugs.php.net/bug.php?id=72227 Fixes CVE-2016-5093 https://bugs.php.net/bug.php?id=72241 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-05-31T19:31:34+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-05-23T14:51:32+00:00 urn:sha1:6f6b4dc16b07dcf901fc986b6aa22f67e4280f13 Remove MySQL legacy extension. Remove incompatible external modules: - php-gnupg - php-memcached - php-ssh2 - php-yaml Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-04-29T06:49:22+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-29T00:19:56+00:00 urn:sha1:915576a01c9c758788ba42b7fe2b9fe0f6258abb Fixes (CVEs not assigned yet): bug #72094 - Out of bounds heap read access in exif header processing bug #71912 - libgd: signedness vulnerability bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset bug #71843 - null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER bug #71952 - Corruption inside imageaffinematrixget Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-04-02T14:51:22+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-01T12:02:19+00:00 urn:sha1:039db88c6b500bbc1863e11a1141f12b1842af82 Fixes (no CVEs yet): Buffer over-write in finfo_open with malformed magic file. Invalid memory write in phar on filename with \0 in name. Parsing of tar file with duplicate filenames causes memory leak. php_snmp_error() Format String Vulnerability. Integer Overflow in php_raw_url_encode. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>