diff options
author | 2017-03-12 20:48:15 -0700 | |
---|---|---|
committer | 2017-11-16 15:27:16 -0800 | |
commit | b286598b43c38c7bfe6679b59ddd60058276cc53 (patch) | |
tree | c079217b725e0798ba267f2790e608d4caba8d83 /meta-oe/recipes-devtools/php/php_5.6.26.bb | |
parent | 4b26421af6456436cfd2cb491d8857a833c4aa44 (diff) | |
download | meta-openembedded-contrib-b286598b43c38c7bfe6679b59ddd60058276cc53.tar.gz |
php: CVE-2016-9137
Source: meta-openembedded
MR: 68765, 00000
Type: Integration
Disposition: Merged from meta-openembedded
ChangeID: 1aed8604e5757f9805d98348e78b1f2f09c6bc86
Description:
Use-after-free vulnerability in the CURLFile implementation in
ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via crafted serialized data that is mishandled
during __wakeup processing.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9137
https://bugs.php.net/bug.php?id=73147
Upstream patch:
http://git.php.net/?p=php-src.git;a=commitdiff;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
Reviewed-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-devtools/php/php_5.6.26.bb')
-rw-r--r-- | meta-oe/recipes-devtools/php/php_5.6.26.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-oe/recipes-devtools/php/php_5.6.26.bb b/meta-oe/recipes-devtools/php/php_5.6.26.bb index cbd0615d68..cf104803da 100644 --- a/meta-oe/recipes-devtools/php/php_5.6.26.bb +++ b/meta-oe/recipes-devtools/php/php_5.6.26.bb @@ -2,6 +2,8 @@ require php.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=b602636d46a61c0ac0432bbf5c078fe4" -SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch" +SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \ + file://CVE-2016-9137.patch \ +" SRC_URI[md5sum] = "cb424b705cfb715fc04f499f8a8cf52e" SRC_URI[sha256sum] = "d47aab8083a4284b905777e1b45dd7735adc53be827b29f896684750ac8b6236" |