Remi's RPM repository - Packages

php - PHP scripting language for creating dynamic web sites

Website: http://www.php.net/
Licence: PHP and Zend and BSD
Vendor: Remi Collet
Description:
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Packages

php-5.4.45-11.el6.remi.x86_64 [2.8 MiB] Changelog by Remi Collet (2016-07-22):
- Fix #70480: php_url_parse_ex() buffer overflow read
- Fix #69975: PHP segfaults when accessing nvarchar(max) defined columns
- Fix #72479: Use After Free Vulnerability in SNMP with GC and unserialize()
- Fix #72573: HTTP_PROXY is improperly trusted by some PHP libraries
  CVE-2016-5385
- Fix #72513: buffer overflow vulnerability in virtual_file_ex
- Fix #72520: buffer overflow vulnerability in php_stream_zip_opener
- Fix #72533: locale_accept_from_http out-of-bounds access
- Fix #72562: Use After Free in unserialize() with Unexpected Session
  Deserialization
- Fix #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
- Fix #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
- Partial fix #72613: do not treat negative returns from bz2 as size_t
- Fix #72618: NULL Pointer Dereference in exif_process_user_comment
- Fix #72519: possible OOB using imagegif

php-5.4.45-10.el6.remi.x86_64 [2.8 MiB] Changelog by Remi Collet (2016-06-21):
- Fix #66387: Stack overflow with imagefilltoborder
- Fix #72340: Double Free Corruption in wddx_deserialize
  CVE-2016-5772
- Fix #72275: don't allow smart_str to overflow int
- Fix #72400: prevent signed int overflows for string lengths
- Fix #72403: prevent signed int overflows for string lengths
- Fix #72268: Integer Overflow in nl2br(). (Stas)
- Fix #72339: Integer Overflow in _gd2GetHeader() resulting in heap overflow
  CVE-2016-5766
- Fix #72298: pass2_no_dither out-of-bounds access
- Fix #72402: _php_mb_regex_ereg_replace_exec - double free
  CVE-2016-5768
- Fix #72433: SPL use After Free Vulnerability in PHP's GC
  CVE-2016-5771
- Fix #72434: ZipArchive class use After Free Vulnerability in PHP's GC
  CVE-2016-5773
- Fix #72455: Heap Overflow due to integer overflows
  CVE-2016-5769
- Fix #72446: Integer Overflow in gdImagePaletteToTrueColor()
  CVE-2016-5767