rpms/php/FC-5 php-5.1.2-CVE-2006-1490.patch,NONE,1.1
fedora-cvs-commits at redhat.com
Wed Apr 19 15:10:37 UTC 2006
Author: jorton
Update of /cvs/dist/rpms/php/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv6270
Added Files:
php-5.1.2-CVE-2006-1490.patch
Log Message:
* Wed Apr 19 2006 Joe Orton <jorton at redhat.com> 5.1.2-5.2
- add security fixes from upstream:
* phpinfo() XSS with long input (CVE-2006-0996)
* binary safeness in html_decode (CVE-2006-1490)
php-5.1.2-CVE-2006-1490.patch:
html.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE php-5.1.2-CVE-2006-1490.patch ---
Modified files: (Branch: PHP_4_4)
/php-src/ext/standard html.c
Log:
MFH - binary safety patch from Moriyoshi
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.63.2.23.2.1&r2=1.63.2.23.2.2&diff_format=u
--- php-5.1.2/ext/standard/html.c.cve1490
+++ php-5.1.2/ext/standard/html.c
@@ -884,7 +884,7 @@
unsigned char replacement[15];
int replacement_len;
- ret = estrdup(old);
+ ret = estrndup(old, oldlen);
retlen = oldlen;
if (!retlen) {
goto empty_source;
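Review bot: The changed line `ret = estrndup(old, oldlen);` has no comment saying why the length-bounded copy is needed, and the reason is easy to lose. `estrdup` stops at the first NUL byte, while `retlen = oldlen` on the next line records the caller's length, so with an embedded NUL in `old` the copy could be shorter than any later code indexing up to `retlen` assumes. A one-line comment at this line stating that the input is binary and `oldlen` bytes must be copied would keep a later cleanup from reverting to `estrdup`. Separately, the upstream log embedded above the diff names Branch PHP_4_4 while the diff paths are under php-5.1.2; the patch header should state that this is a backport of that change to the 5.1.2 tree.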